Security Services Offering

We take a holistic view of our clients' business priorities, create opportunities to address the risk to their most valuable business assets, and implement an effective Cybersecurity Program to monitor and respond to threats.

Diagnostics

It makes sense to have an independent consultant test your Information Systems infrastructure for security weaknesses. RMG provides this service: independent, unbiased, technically qualified security assessments.

Vulnerability Scanning Automation

We use a variety of tools and techniques to examine your information systems for security holes and misconfigurations. 

Penetration Testing scripts

We simulate an attack on your information systems and applications. The focus of the penetration test is to determine what attackers can access and what damage they can potentially cause. 

Web Application API Assessments

This assessment focuses on a runtime analysis of your internet, intranet, and extranet web-based applications, with the intent to expose weaknesses or vulnerabilities within your applications.

Mobile Device Forensics

This on-premises assessment will reveal the security holes in your wireless infrastructure and provide consultation on how to remediate them.

Incident Response Review

After an incident has taken place, RMG will provide an analysis of why and how the incident happened. This analysis is crucial for determining appropriate countermeasures to prevent a recurrence.

Information Systems Audits

These audits will review and benchmark multiple areas of your organization to identify operational practices and systems configurations that represent a risk to your sensitive information.

Threats & Risk Assessments

Understanding and assessing risk is one of the most fundamental ways your organization can improve its information security decisions. An RMG risk assessment formally documents the risks associated with your Information Systems and sensitive data assets, based on the threats to the system, the vulnerability of the system to those threats, and the potential impact of a security breach on the system. Risk assessments are conducted annually to account for changes in your operational environment.

Remediation Guidance

An assessment is just the first step towards enhancing your security posture. The all-important next step of remediating vulnerabilities often requires the high-level technical expertise of our professionals.

Compliance Assurance

Achieving compliance with industry standards does not have to be as complicated as it seems. Regardless of the standard, RMG will guide you through the conformity validation process quickly and smoothly.

PCI DSS

RMG consults with client organizations (merchants and service providers) that store, process, or transmit payment card data. If your business falls into this category, we can ensure your business practices comply with the Payment Card Industry Data Security Standard (PCI DSS).

HIPAA, PHIPA or PIPEDA

Health care institutions are required by law to protect the privacy of Protected Health Information (PHI): in the United States by the Health Insurance Portability and Accountability Act (HIPAA), and in Canada by the Personal Health Information Protection Act (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA). RMG will ensure your information systems and policies are compliant with these standards.

ISO or COBIT

Clients who have adopted the framework of ISO/IEC 27002 (Code of practice for information security management) or Control Objectives for Information and Related Technology (COBIT), as a part of their overall Information Systems Risk Management and Security Policy Framework, look to us to help them continually verify compliance with these standards. 

SANS Top 20 CSC

The SANS Top 20 Critical Security Controls (CSC) define and guide strategies for effective cyber defense solutions. It is a valuable checklist that RMG uses to help security and IT managers evaluate how their systems and policies address major threats and vulnerabilities. 

Technology & Managed Security Services

Risk Management Group’s complete suite of managed security solutions takes care of everything you need to keep your data, email, website, networks, applications, and mobile devices safe and working for your organization.

Cloud Security Devices

SIEM, IDS, and Threat Filtering Devices are critical components of your enterprise network security infrastructure. A Perimeter Best Practices Review is performed to:

  • Use a relatively simple mechanism to significantly strengthen your organization’s perimeter security and network segmentation.
  • Verify that cloud segmentation, in fact, meets best practices and supports your business needs.

AWS Best Practices Review

Allow us to safeguard your server and applications. We focus on the following:

  • Server Configuration & Policy Configuration Review using CIS/NIST Risk Practices.
  • System & Device Hardening – eliminate as many security risks as possible by removing all non-essential rules/policies and whitelisting software programs and services.

DEV SEC OPS

RMG offers a Mobile Security Management program that helps organizations build a risk management framework that is inclusive of mobile devices. Delivered by senior consultants with hands-on experience in security management and governance, the program evaluates your readiness for adopting mobile technology, with a managed and acceptable level of risk. 

Technology Sourcing & Implementation

At Risk Management Group, we partner with the top vendors in the security market to provide the hardware and software you need to keep your networks safe. You need a partner who can not only supply products but also help you decide which technologies to purchase to best meet your requirements, which is where RMG Security adds value.

Package Options

Our objective is to provide a suite of services that works best for your business environment.

The following packages are options to consider. Call us today for a free initial consultation to understand what customized service package would work best for your business environment.