
Information Security

You need a clear, cost-effective way to secure your organization and meet compliance requirements.

Very large organizations hire expensive, specialized staff. Others tend to struggle under the weight and confusion of Information Security.

The Mainstay team has pioneered an approach for necessary guidance and for ongoing service. We don’t simply assess your organization and leave you with a long list of tasks. We shoulder your needs, bringing our experience to your organization each day.

We have developed the most effective and budget-friendly way to meet compliance and information security needs. We turn the complexities of Information Security into a competitive advantage for your whole organization.

Watch the Overview for Information Security Services

Paige Yeater, Senior Director of Engineering and Security, shares more about what problems we help business leaders solve and what makes Mainstay’s services unique.

How does partnering for Information Security work?

  1. Assess. A straightforward, low-cost assessment lets us determine both your risk of being hacked and your level of compliance… and then we turn that into plain English. We give clear recommendations to ensure all stakeholders have clarity on the need, the consequences, and the path.
  2. Partner. We can partner with you in multiple ways, bringing clarity, ease, and speed. We can partner with your IT Department or with our Managed IT team, and we can carry the ongoing Information Security Program.

Why an Information Security Program?

Because risk must be assessed and addressed.

Policies must be set and training programs developed. Leaders must understand their responsibilities and HR must facilitate. Permissions must be centrally managed and data flows mapped. Tests must be run and reporting shared with leaders.

Vendors must be assessed and compliances managed. IT must be strengthened and continuous monitoring layered over top.

Contact us today to discuss a risk assessment.

Who needs Information Security?

  1. Organizations with data to protect. Sensitive, confidential data must be secured at all times, in all places.
  2. Organizations with compliances to meet. This includes CMMC, HIPAA, NIST SP 800-171, NIST CSF, client contracts, state PII laws, ISO 27001, and more.

Meet the Team

Paige Yeater

Senior Director of Engineering and Security

Certified Information Security Manager (CISM), CMMC Registered Practitioner

Bridget Franciscovich

Information Security Program Manager

CMMC Registered Practitioner

Erin Mealey

Information Security Program Manager

Certified Information Systems Auditor (CISA), CMMC Registered Practitioner

Brian Oberlies

Information Security Program Specialist

CompTIA Security+

Key Terms in Information Security

If there’s an especially confusing area of technology today, it’s security! Terms are often interchanged and concepts blurred.

A few key terms:

Security

Scope: Everything

Protecting the organization, its assets (physical and digital), its people, and its data from threat.

Information Security (InfoSec)

Scope: Data

Also known as “Data Security,” this is the practice of protecting all data, in all forms, at all times. InfoSec sets policy, manages risk, and drives to compliance. It encompasses the IT systems but also the people, processes, and physical facilities (the whole organization).

Cybersecurity

Scope: Technology

The technical layers that protect an organization’s technology (such as encryption, firewalls, web filtering, etc.).

Compliance

Scope: Meeting requirements

Meeting regulatory or contract requirements (such as HIPAA, CMMC, NIST, state laws, or client contracts).

Information Security Program

It isn’t enough to have policies and strong cybersecurity. These must all be brought together in an ongoing program of monitoring, development, training, and iteration. It must be carried by qualified staff and evolve with the threats, the regulations, and the organization.

This is necessary for whole-organization security and is required by nearly every compliance.

Information Security Policies

Policies are more than pieces of paper. They are the record of decisions for how data is handled. They provide the foundation of compliance and must be tailored to each organization.

The Event That Never Happened

(a true story)

The link looked innocent enough. And the login page was definitely official. Diane* (not her real name) had a busy day ahead, and the pressure of an overloaded schedule caused her to forget her training. She didn’t stop and consider; she simply input her credentials, downloaded the required software, and was off to the next task without a thought.

Two minutes later, her Internet stopped working. Before she could call Mainstay, they called her. “Diane, I wanted to let you know your system has been isolated and your account disabled, as suspicious activity was just noticed on your machine.”

The well-planned Information Security Program was working. And had the threat been even more severe, the organization would still have been ready. Layers of active defenses were backed by layers of incident response, overseen by skilled professionals.

The organization wasn’t in some extreme security industry with the budget to suit. They were a consulting firm, with 30 employees, and a standard budget for information security.

That day, their investment paid off.