Keep Your Business Safe

Security & Compliance

What is the Ultimate Goal of Cybersecurity?

Let’s take a step back from all the acronyms, products, policies and all the other security word-cloud worthy terms that are part of the security environment.  Let’s examine what we are working to accomplish. 

Ultimately, security is all about protecting
our customers, employees, partners and our business!

What are We Protecting?

Everything: our data, systems, processes, interactions and ultimately our reputation!


Security is Job Zero!

Meaning that security has to come before any other priorities! It has to be baked into everything that we do! Now if this seems a little daunting, well you’re right!  There is a ton here. So how do we take a systematic approach that will help us understand our risks, gain control and confidence to securely run your business?

Get a Security Check Up!

Protecting from Whom?

There are all sorts of bad actors out there who want to cause harm for many reasons that we won’t detail right now. But threats can also come from innocent mistakes made by our own employees, and from not proactively addressing known vulnerabilities.

Connecting the Security and Business Dots

Security can mean a lot of things depending on your role and experience and if you have multiple people on your team this can get quite complicated quickly.  That’s why we love the Open Security Architecture (OSA) Security Taxonomy model to connect all the dots! It’s an easy diagram to help everyone in your organization to understand a high-level view of what your security model should include.

Before you say this is way too complicated, pause, and then read this chart out loud, slowly, starting in the top left. Your Business Strategy is achieved through Business Processes. Your Business Processes run on IT Systems and Data Assets. That’s pretty straightforward and makes sense.


Your Business Strategy informs your IT Strategy and your Enterprise Architecture (EA). Your EA guides your Solution Architecture and includes your Security Architecture. Your Solution Architectures are instantiated as IT Systems & Data Assets.

Bottom left of the diagram, Laws & Regulations inform Policies.  Laws, Regulations & Policies require Controls. Controls are supplemented by Standards & Guidance.  Controls require Tests that are verified by Evidence. This is your vulnerability testing, application penetration testing, audits and other tests.  The Evidence is used to Certify your Business!


Back to Controls.  Controls are included in your Security Architecture and can mitigate Risks.  Controls can also protect IT Systems & Data Assets which:

  • Can have Issues that impact Business Processes
  • Are Exposed to Threats
  • Have specific Vulnerabilities

Threats & Vulnerabilities affect your Risks.  Risks can potentially crystallize into Incidents.  Incidents impact your Business Processes and are remediated by Responses.

Compliance: Laws & Regulations

While connecting the dots, we talked about how Laws & Regulations inform Policies and require Controls.  What are these Laws & Regulations? Do we have to get a law degree to understand them? Where do we even get started? Many organizations are required to follow certain compliance frameworks.  You may be obligated to comply based on legal or contractual requirements.  But in many cases following these programs is really just best practice!

AWS Compliance Programs

There are so many flavors of compliance.  Here are just a few of the many compliance programs that AWS adheres to and supports:

GLOBAL

  • CSA – Cloud Security Alliance Controls
  • ISO – International Organization for Standardization
  • PCI DSS Level 1 – Payment Card Industry Security Standards Council (Payment Card Standards)
  • AICPA SOC – System and Organization Controls (SOC for Service Organizations)

UNITED STATES

  • HITRUST CSF – Health Information Trust Alliance Common Security Framework
  • DoD SRG – United States Department of Defense (DoD Data Processing)
  • FFIEC – Federal Financial Institutions Examination Council (Financial Institutions Regulation)
  • FIPS – Federal Information Processing Standards (Government Security)
  • FISMA – Federal Information Security Management Act
  • FERPA – United States Department of Education (Educational Privacy Act)
  • HIPAA – Health Insurance Portability and Accountability Act (Protected Health Information)
  • SEC Rule 17a-4(f) – US Securities and Exchange Commission (Financial Data Standards)
  • NIST – National Institute of Standards and Technology
  • CJIS – FBI Criminal Justice Information Services Division
  • FedRAMP – The Federal Risk and Authorization Management Program (Government Data Standards)

CANADA

  • FIPS – Federal Information Processing Standards (Government Security Standards)
  • PIPEDA – Personal Information Protection and Electronic Documents Act (Canada’s Federal Private Sector Privacy Legislation)
  • HIA – Health Information Act (Privacy Legislation in Alberta)


Zuggand Compliance Expertise

Zuggand has a rich history in building and maintaining robust Security and Compliance programs. With our deep public sector background we have invested considerably in working with NIST, HIPAA, HITRUST, PCI, FERPA, FIPS, FedRAMP, FISMA and other programs. We developed a policy framework from the ground up to support multiple public sector entities and have worked in this space for nearly a decade now. Our strength is leveraging this knowledge and experience to make it simple to understand what you need to do under the shared responsibility model in the AWS Cloud.

Security Architecture Principles

It is important to establish core security principles that you can build your security practice on!  AWS has developed a set of living best practices called the Well-Architected Framework (WAF).  The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while designing your critical systems. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. 

The Security pillar of the Well-Architected Framework has seven key design principles:

  • Implement a strong identity foundation
  • Enable traceability
  • Apply security at all layers
  • Automate security best practices
  • Protect data in transit and at rest
  • Keep people away from data
  • Prepare for security events

Here's What Our Great Customers Have to Say!


“The folks at Zuggand were extremely knowledgeable, friendly, and helpful with our AWS Well-Architected Review. It’s clear that they are passionate about what they do and are motivated to ensure that their clients are successful. The communication was excellent; it was prompt and professional. Their public sector focus and level of experience proved to be valuable for this (albeit small) project. I would recommend them without hesitation.”

– University of Alberta


“Zuggand helped migrate my hosting platform to a new server and made several security updates. The whole process was made very easy and seamless. Zuggand mapped out exactly what they would be doing for us and carried everything out in a timely manner. Communication was also great; they communicated well with me and my old developer and were always available when I had questions. Perfect experience.”

– Reputelligent


“These guys are not only smart, but responsive. They get things done when they say they will and exceed all expectations. It’s nice to know there are AWS specialists who can promptly attend to the details and get things done in a professional, competent manner. Hire them!”

– Precision Digit

Contact Info
602.529.4332
Chandler, AZ

About Zuggand
Zuggand® is a technology consulting and services firm specializing in Cloud, IoT, Security, and AWS Staffing. We help organizations transform their business using modern digital technologies.
Advanced Consulting Partner

© Copyright 2020 • Zuggand • Handcrafted with love by Us!