Information Security & Compliance

Risk Cognizance LLC implements safeguards that are compliant with the NIST Cyber Security Framework and ISO 27001 certification. CyberSecOP has been awarded ISO 27001 compliance by a certified third party to demonstrate our commitment to security. Risk Cognizance follows best practices to provide security, integrity and confidentiality to covered data, information, systems, and assets. All employees understand and are under a Non-Disclosure Agreement (NDA) to ensure protection against data leakage.

Overview

Risk Cognizance LLC has implemented a security program covering policy and controls that complies with NIST CSF and ISO 27001. As a technology firm, we have multiple controls in place safeguarding our information technologies, and we complete third-party testing of all external and internal endpoints every six months to ensure the safeguards in place are working as they were meant to.

Implement Safeguards:

 Data Protection: 

  • Risk Cognizance has implemented an information security program in compliance with NIST CSF and ISO 27001 which includes data privacy.

  • Risk Cognizance has implemented risk management and data management including vulnerability and penetration testing of endpoints.

  • Risk Cognizance has implemented the following monitoring and auditing tools, which are managed and monitored by our 24/7 security operations center: Data Loss Prevention (DLP), Security Information and Event Management (SIEM), Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), mobile device management, Cisco Umbrella for DNS filtering, and Google for email protection and archiving.

  • Risk Cognizance uses NextGen firewall and antivirus with machine learning capability.

  • Risk Cognizance has implemented disaster recovery, incident response and business continuity procedures that are tested at least once a year.

  • Risk Cognizance has an in-house security team which includes a Chief Information Security Officer.

Authentication and Identity:

  • Risk Cognizance has implemented multi-factor authentication on all endpoints and applications using DUO gateway.

  • Risk Cognizance uses a Microsoft centralized authentication system, which is monitored by our SOC Team.

Risk Cognizance utilizes a framework using a risk-based approach to identify, inventory, and manage assets consistent with their relative importance and risk.

Information Protection Compliance:

Risk Cognizance uses a risk-based approach to implement, assess, and monitor the necessary policies, processes, and procedures to comply in good faith with all applicable legal and regulatory obligations related to information protection.

Information Protection Program Governance:

Risk Cognizance uses a risk-based approach to implement, assess, and maintain an information protection program that is focused on information and technology risk, tailored to Risk Cognizance, and consistent with its risk tolerance and strategy.

Information and Technology Risk Management:

Risk Cognizance utilizes a framework using a risk-based approach to identify, assess, and prioritize information and technology risks, allocating resources to risk treatment plans to monitor and control the probability and impact of events to Risk Cognizance's operations to a level consistent with its risk tolerance and strategy.

Account Management and Permissions:

Risk Cognizance utilizes a framework using a risk-based approach to manage the lifecycle of accounts and their permissions so that access to information and technology is secure, and based on business need.

Awareness and Training:

Risk Cognizance uses a risk-based approach to provide initial, continued, and measured training to enable its employees and users to understand and carry out their information protection related responsibilities.

Capacity, Performance & Maintenance:

Risk Cognizance makes reasonable efforts and utilizes a framework using a risk-based approach to implement, assess, and maintain the capacity and performance of technology as well as perform periodic and timely maintenance for availability.

Change and Configuration Management:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain baseline configurations and implement changes to technology in a controlled manner.

Information Security:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain an information governance program that includes how Risk Cognizance protects information. 

Identification and Authentication:

Risk Cognizance uses a risk-based approach to uniquely identify users and devices, and verify the identities of these users and devices before allowing access.

User Activities and Sanctions:

Risk Cognizance utilizes a framework using a risk-based approach to provide users with acceptable and unacceptable behaviors when using information and technology and enforce sanctions when deemed necessary.

Physical and Environmental Security:

Risk Cognizance utilizes a framework using a risk-based approach to limit and manage physical access to technology, equipment, and work environments to authorized individuals and to protect technology against physical and environmental hazards.

Secure System Development Lifecycle:

Risk Cognizance utilizes a framework using a risk-based approach to configure, develop, and secure technology as part of its system development life cycle.

Vendor Management:

Risk Cognizance uses a risk-based approach to implement, assess, and maintain a vendor management program that includes how Risk Cognizance assesses, treats, and monitors vendor information and technology risk.

Vulnerability Management and Flaw Remediation:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain a vulnerability management program that identifies technology vulnerabilities and acts on any discovered flaws according to risk.

Cloud Security:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain technical and administrative safeguards to protect information and technology in the cloud.

Internet of Things Security:

Risk Cognizance utilizes a framework using a risk-based approach to secure technology embedded with electronics and software which enables these items to connect and exchange information.

Mobile Device Management:

Risk Cognizance utilizes a framework using a risk-based approach to control and protect technology and information accessed by mobile devices.

Network Security:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain technical and administrative safeguards to protect its internal network.  

Perimeter Security:

Risk Cognizance utilizes a framework using a risk-based approach to protect information and technology from outside threats through the creation and management of an appropriate perimeter.

Remote Access Technology:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain technical and administrative safeguards to provide secure remote access.

Server Security:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain technical and administrative safeguards to protect its servers.

Workstation Security:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain technical and administrative safeguards to protect its workstations.

Telecom Security:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain technical and administrative safeguards to protect telecommunications.

Wireless Security:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain technical and administrative safeguards to protect its wireless networks and wireless connections.

Continuous Monitoring and Correlation:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain a continuous monitoring plan that allows Risk Cognizance to identify suspicious activities and/or trends.

Incident Response:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain incident handling and response capabilities which include the identification, containment, eradication, and recovery of incidents.

Business Continuity:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain a business continuity plan that allows Risk Cognizance to operate with minimal downtime or service outage.

Disaster Recovery:

Risk Cognizance utilizes a framework using a risk-based approach to implement, assess, and maintain a disaster recovery program that allows it to minimize downtime and recover its information and technology to support critical processes after the declaration of a disaster event.