Cyber Risk Management Solutions

Assessments

Be proactive to protect your bottom line.

Quickly discover your vulnerabilities.

We cover all your needs for comprehensive security risk assessments, technical assessments and custom assessments.
Our approach is proven to be faster and more comprehensive, and we’ll stand by you in an audit.

Information and Cybersecurity Standards

Third Rock has expertise in the following compliance standards and regulations.

Healthcare – HIPAA
Healthcare – HIPAA Audit Protocol
Financial/Insurance  – NY DFS
Insurance – NAIC 668
International – GDPR
Cyber/Defense – NIST SP 800-171
Cyber – CCPA – (Coming Soon)

Technical Assessments

Third Rock can map your protected information (data) through its entire flow through your organization.

Protected Information search and scans
OS Vulnerabilities and Compliance scans
Network Vulnerabilities scan
Penetration Testing
Network Communication scans
Code Reviews

and more, to ensure your valuable data is protected.

    Custom Assessments

    Third Rock creates the custom assessments you need to assess clients or vendors to improve cyber security. For example:

    Agreement/Contract Review and Audits
    for legal and financial protection

    Due Diligence Assessments
    to understand cyber risk status

    Merger and Acquisitions Assessments
    establish risks prior to purchase or merger 

    Vendor Verification Assessments
    understand exposures with third parties 

    Powered by CyberCompass and backed with Fortune 50 experience.

    Cybersecurity Scans

    Third Rock offers the most comprehensive suite of scans.

    OS Vulnerability & Compliance 

    • Over 300 action Items tested.
    • Cyber Security Rapid Repair Guide.
    • Top priority issues outlined to quickly harden your systems and network.

    Network Discovery & Inventory

    • Inventory of all devices connected to network.
    • Basis for sensitive data flow diagram.

    Network Vulnerability

    • Exposes weaknesses of computers and network devices on the local network.

    Network Penetration Testing (External)

    • Industry-standard methodology and tools.
    • Exposes weaknesses in firewalls and access to network(s).

    Sensitive Data Security

    • Scans computer and network storage for unencrypted sensitive data.
    • Includes PII, PCI, HIPAA.
    • Report identifying unencrypted data.

    Communications Security

    • Checks proper configuration of secure connections.
    • Includes SSL and TLS standards.
    • Report including corrective actions.

    Phishing Risk Assessment

    • One-time or quarterly training package.

    Source Code Security

    • Scans source code for security issues.
    • Identifies potential issues with the code.

      Risk Mitigation

      Remediate your risk 70% faster across your entire organization.

      Rapidly reduce your risk.

      Our risk mitigation approach sets us apart from the rest of the consulting, assessing, auditing and cybersecurity world.
      We have the experience and expertise to deliver mitigation in 1/3 of the time and improve your cybersecurity over 450%.
      We cover the entire spectrum of cybersecurity for your organization.

      Workforce
      (Staff, Officer, Management)

      • Compliance training
      • Cybersecurity training
      • Phishing training

       

      Process

      • Prioritized corrective actions
      • Step-by-step guide to reduce risk
      • Audit ready policies and procedures
      • Audit ready strategic plans
      • Status reports

      Technology

      • Cybersecurity scans
      • Technical forensics
      • Application and data security
      • System and network security

      Vendor

      • Third party management
      • Agreement (BAA) review
      • Security Risk Assessments
      • Cyber risk verification

      Virtual / Outsourcing

      Pre-Breach and Incident Response

      Experts to advise, implement or augment your cyber risk efforts.

      Advisory

      We provide expertise in cybersecurity to your board, executives, management and staff.

      Implementation

      We lead and assist with implementation of your cybersecurity program.

      Operations

      We augment your staff with skilled professionals and skilled contract resources.

      vCCO

      Our virtual Chief Compliance Officers fill a very important role for your business, leading the charge to improve cybersecurity and compliance across the organization and reducing risk and liabilities.

        vCISO

        Everyone needs a top-notch CISO. Unfortunately, most can’t afford one. We’ll share our team with you, providing leadership to implement your cybersecurity program across your entire organization. You pay a small portion of the cost of a full-time CISO and receive an experienced team to rapidly improve your cybersecurity and compliance.

        vCISSP

        Sometimes you need a seriously smart nerd to dig into finding the problem and correcting it. Our cybersecurity experts can help with technical forensics, proper configurations and overall improved cybersecurity.

        Audit Response

        Quickly respond to audit requests with guaranteed results.

         Meet audit requirements in days vs months.

        We work with your team so you can meet the requirements and deadline of an audit.
        We work with some of the largest insurance and legal firms in the world to help their clients prepare and respond to audits.
        We’ve followed behind large consulting firms, well-known private alliances and prestigious law firms whose work failed the audit requirements,
        and delivered results that were “adequate” and acceptable to the auditor.
        Plus, we’ve done it in record time that no competitor is willing to match.
        We partner with law firms, cyber insurance companies, risk management firms, compliance consulting firms,
        IT service providers and cyber security firms to deliver the necessary expertise to meet your needs fast.

        Perform a Security Risk Assessment to meet audit requirements.

        Prepare

        • Always start with a risk assessment.
        • Mitigate risks identified in the risk assessment.
          • Create proper policies and procedures.
          • Create proper strategic plans.
          • Train your workforce and executives.
          • Manage your vendors.
        • Consider mock audits to improve cybersecurity and prepare for an audit.

        Maintain

        • Integrate cybersecurity into your Standard Operating Procedures.
        • Ensure you have proper insurance.
        • Ensure you have proper cyber legal counsel.
        • Maintain body of evidence.

        Respond

        • When an audit occurs, you’ll be ready.
        • If you need assistance during the audit, we’ll be there.
        • Utilize a team, experts, insurance and legal counsel.  Don’t let one cost you dearly.

        Incident Response

        Rapid response to contain and reduce the damage.

        Create an Incident Response Plan to minimize damage and cost.

        It’s humiliating, embarrassing and frustrating to endure an incident when you’re not 100% prepared.

        Prepare

        • Always start with a risk assessment.
        • Create a comprehensive Incident Response plan.
        • Create a proper Contingency Plan (Business Continuity & Disaster Recovery Plan).
        • You’ll need a real Risk Management Plan too.

        Practice

        • Mitigate risks identified in the risk assessment.
        • Schedule and perform “live” drills using plans.
        • We have strategic partners that can assist.
        • Rinse & repeat, it improves your cybersecurity & compliance.

        Respond

        • When the incident or breach happens, you’ll be prepared.
        • If you need assistance during the event, we’ll be there.
        • Rinse, but try not to repeat.

        Strategic Partners

        Trusted partners to help you protect your data and business.

        Insurance, legal, technical, MSPs, MSSPs and legal forensics.

        Insurance

        Having the correct insurance coverage is important. If your agent can’t explain your policy in terms you understand, find a new agent. Choose wisely or you will likely pay dearly.

        Legal

        No one wants to hire or retain a lawyer.  But, not having an experienced cyber and compliance lawyer can increase your pain, suffering and fines.

        Technical (MSPs, MSSPs)

        If your IT department or MSP doesn’t have a CISO or a highly skilled cybersecurity expert, you need to find one immediately. We can help improve your team.

        Legal Forensics

        Sometimes you simply need the best to process the breach properly and legally.  Only certified examiners should do this.

        Get your FREE

        Cyber Risk Score

        in less than five minutes with
        Cyber Quick Check.

        Let us help you get

        Cyber Confident
