Keep Your Business Safe


What is the Ultimate Goal of Cybersecurity?

Let’s take a step back from the acronyms, products, policies and all the other word-cloud-worthy terms that fill the security landscape, and examine what we are actually working to accomplish.

Ultimately, security is all about protecting our customers, employees, partners and our business!

What are We Protecting?

Everything: our data, systems, processes, interactions and ultimately our reputation!

Security is Job Zero!

Meaning that security has to come before any other priority! It has to be baked into everything you do. If this seems a little daunting, you’re right: there is a lot here. So how do you take a systematic approach that will help you understand your risks, gain control and have the confidence to run your business securely?

Get a Security Check Up!

Protecting from Whom?

There are all sorts of bad actors out there who want to cause harm for many reasons that we won’t detail here. But threats can also come from innocent mistakes made by your own employees, and from not proactively addressing known vulnerabilities in the systems you already run.

Connecting the Security and Business Dots

Security can mean a lot of things depending on your role and experience and if you have multiple people on your team this can get quite complicated quickly.  That’s why we love the Open Security Architecture (OSA) Security Taxonomy model to connect all the dots! It’s an easy diagram to help everyone in your organization to understand a high-level view of what your security model should include.

Before you say this is way too complicated, pause, and then read the chart out loud, slowly, starting at the top left. Your Business Strategy is achieved through Business Processes. Your Business Processes run on IT Systems and Data Assets. That’s pretty straightforward and makes sense.

Your Business Strategy informs your IT Strategy and your Enterprise Architecture (EA). Your EA guides your Solution Architecture and includes your Security Architecture. Your Solution Architectures are instantiated as IT Systems & Data Assets.

At the bottom left of the diagram, Laws & Regulations inform Policies. Laws, Regulations & Policies require Controls. Controls are supplemented by Standards & Guidance. Controls require Tests that are verified by Evidence: this is your vulnerability testing, application penetration testing, audits and other tests. The Evidence is what certifies your Business!

Back to Controls.  Controls are included in your Security Architecture and can mitigate Risks.  Controls can also protect IT Systems & Data Assets which:

  • Can have Issues that impact Business Processes
  • Are Exposed to Threats
  • Have specific Vulnerabilities

Threats & Vulnerabilities affect your Risks.  Risks can potentially crystallize into Incidents.  Incidents impact your Business Processes and are remediated by Responses.

Compliance: Laws & Regulations

While connecting the dots, we talked about how Laws & Regulations inform Policies and require Controls.  What are these Laws & Regulations? Do we have to get a law degree to understand them? Where do we even get started? Many organizations are required to follow certain compliance frameworks.  You may be obligated to comply based on legal or contractual requirements.  But in many cases following these programs is really just best practice!

AWS Compliance Programs

There are so many flavors of compliance.  Here are just a few of the many compliance programs that AWS adheres to and supports:


  • Cloud Security Alliance (CSA) Controls
  • International Organization for Standardization (ISO)
  • Payment Card Industry Security Standards Council: PCI DSS Level 1, Payment Card Standards
  • System and Organization Controls: SOC for Service Organizations
  • Health Information Trust Alliance (HITRUST) Common Security Framework
  • United States Department of Defense: DoD Data Processing
  • Federal Financial Institutions Examination Council (FFIEC): Financial Institutions Regulation
  • Federal Information Processing Standards (FIPS): Government Security Standards
  • Federal Information Security Management Act (FISMA): Federal Information Security Management
  • United States Department of Education: Educational Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA): Protected Health Information
  • US Securities and Exchange Commission: SEC Rule 17a-4(f), Financial Data Standards
  • National Institute of Standards and Technology (NIST)
  • FBI Criminal Justice Information Services Division: Criminal Justice Information Services (CJIS)
  • The Federal Risk and Authorization Management Program (FedRAMP): Government Data Standards
  • Personal Information Protection and Electronic Documents Act (PIPEDA): Canada’s Federal Private Sector Privacy Legislation
  • Health Information Act (HIA): Privacy Legislation in Alberta

Zuggand Compliance Expertise

Zuggand has a rich history of building and maintaining robust Security and Compliance programs. With our deep public sector background, we have invested considerably in working with NIST, HIPAA, HITRUST, PCI, FERPA, FIPS, FedRAMP, FISMA and other programs. We developed a policy framework from the ground up to support multiple public sector entities and have worked in this space for nearly a decade. Our strength is leveraging this knowledge and experience to make it simple to understand what you need to do under the AWS shared responsibility model.

Security Architecture Principles

It is important to establish core security principles that you can build your security practice on! AWS has developed a set of living best practices called the Well-Architected Framework (not to be confused with AWS WAF, the web application firewall product). The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while designing your critical systems. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.

The Security pillar of the Well-Architected Framework is built on seven design principles:

  • Implement a strong identity foundation
  • Enable traceability
  • Apply security at all layers
  • Automate security best practices
  • Protect data in transit and at rest
  • Keep people away from data
  • Prepare for security events
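The first principle, a strong identity foundation, is where a Well-Architected review most often finds trouble: IAM policies that grant `"Action": "*"` or a whole service (`iam:*`) on `"Resource": "*"`. The script below is an added example, not code from Zuggand or from AWS: an offline linter that reads an IAM policy document and reports the Allow statements that violate least privilege. The sample policy document is constructed for this example; the check is deliberately conservative and flags `Resource: "*"` only when no `Condition` narrows it.

```python
"""Offline least-privilege check for an AWS IAM policy document.

Added example, not Zuggand's or AWS's own tooling.  It flags the three
patterns a Well-Architected security review looks for first:
  * Action "*" (full administrative access)
  * service-wide action wildcards such as "iam:*"
  * Resource "*" with no Condition to scope it
NotAction grants are flagged too, because they allow everything except
the listed actions.  Deny statements only narrow access and are skipped.
"""
import json

# Constructed sample policy for this example: one admin statement, one
# properly scoped statement, one service-wide wildcard, and one Deny.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "ReadOneBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "ServiceWildcard", "Effect": "Allow",
         "Action": ["iam:*"], "Resource": "*"},
        {"Sid": "NoBucketDeletes", "Effect": "Deny",
         "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM lets Action/Resource/Statement be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy_json: str) -> list:
    """Return one finding ({'sid', 'reasons'}) per over-broad Allow statement."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny never widens access
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        reasons = []

        if "NotAction" in stmt:
            reasons.append("uses NotAction (allows every action not listed)")
        if "*" in actions:
            reasons.append("Action is '*'")
        else:
            service_wide = [a for a in actions if a.endswith(":*")]
            if service_wide:
                reasons.append("service-wide action wildcard: "
                               + ", ".join(service_wide))
        # Some read-only APIs genuinely require Resource "*", so only flag
        # it when nothing (no Condition) scopes the grant.
        if "*" in resources and "Condition" not in stmt:
            reasons.append("Resource is '*' with no Condition")

        if reasons:
            findings.append({"sid": sid, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(finding["sid"], "->", "; ".join(finding["reasons"]))
```

Run it against a policy exported with `aws iam get-policy-version` (the `Document` field) to get the same report; a clean policy returns an empty list.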


Here's What Our Great Customers Have to Say!

“The folks at Zuggand were extremely knowledgeable, friendly, and helpful with our AWS Well-Architected Review. It’s clear that they are passionate about what they do and are motivated to ensure that their clients are successful. The communication was excellent; it was prompt and professional. Their public sector focus and level of experience proved to be valuable for this (albeit small) project. I would recommend them without hesitation.”

– University of Alberta

“Zuggand helped migrate my hosting platform to a new server and made several security updates. The whole process was made very easy and seamless. Zuggand mapped out exactly what they would be doing for us and carried everything out in a timely manner. Communication was also great; they communicated well with me and my old developer and were always available when I had questions. Perfect experience.”

– Reputelligent

“These guys are not only smart, but responsive. They get things done when they say they will and exceed all expectations. It’s nice to know there are AWS specialists who can promptly attend to the details and get things done in a professional, competent manner. Hire them!”

– Precision Digit
Contact Info
Chandler, AZ
About Zuggand
Zuggand® is a technology consulting and services firm specializing in Cloud, IoT, Security, and AWS Staffing. We help organizations transform their business using modern digital technologies.
Advanced Consulting Partner

© Copyright 2021 • Zuggand • Handcrafted with love by Us!