The ACT CyberSecurity System



  • What is the ACT CyberSecurity System?

    The ACT Strategic CyberSecurity System is a standards-based system that shows you what you need to do to create the most effective cybersecurity program possible. Prepared by a senior security engineer from Atlanta Cloud Tech, the CyberSecurity System shows you the specific steps you need to follow to clean up your business's security vulnerabilities. The CyberSecurity System initial diagnostic report will take from three to five weeks to prepare. We use the Payment Card Industry Digital Security Standard (PCI DSS)[1] as a basis for the system, which means our report will make sense to any PCI expert. If you are required to use a third-party QSA company for your annual PCI assessment, the diagnostic report will reduce the amount of time and money the assessment takes.

Questions the ACT CyberSecurity System diagnostic report will answer

  • Are we spending the right amount on cybersecurity?
    • Some companies have a good idea of what their vulnerabilities are, but just don’t take them seriously enough.
    • Some companies spend too much because they lack the skills to balance their risks against their security ROI.
  • Are we spending that money in the right places?
    • Building a wall will not stop birds from coming into your orchard and eating the low-hanging fruit.
    • Putting a mesh enclosure over the entire orchard will not stop a flash flood from tearing down half your trees.
  • Are we prepared in the event of a disaster?
    • Do we have a disaster recovery plan in place, and how often do we test the plan?
    • How sure are we that our back-ups are recoverable, and how long will we be down?
    • How long is it going to take to discover we have a problem?
  • Is there a plan for business continuity?
    • Have we designated our key employees, and do we have a succession plan in the event that one of these key employees can no longer act in that function?
    • Do we have a backup site to work from if our main location is taken offline?
    • Do we have the proper insurance coverages?
  • Do we have an asset management plan?
    • Assets that are unknown or forgotten within the company can be lost or left running with no useful business purpose, wasting money.
    • Assets become obsolescent. Hardware and software age out of support, and get more vulnerable with age. Do we have a policy for hardware and software lifecycle?
  • Are our business practices and procedures up to date?
    • Business procedures and workflows need to change as the business environment changes, with new opportunities, mergers & acquisitions, and changes in the legal landscape.
    • The best practice is to maintain annual reviews, and make changes supported by standards and procedures.

To get a customized solution built for your business’s compliance needs, contact info@Fireflysecurity.pro.

[1] The PCI DSS standards documents reside at the PCI Security Standards Council’s website: https://www.pcisecuritystandards.org/