In today’s complex IT environment, every organization needs to balance its users’ technology needs — speed, ease of use and convenience — against the critical need to keep information safe and secure against a variety of sophisticated threats and potential liability.
Clearview Group will partner with you to evaluate your environment and provide real solutions to assist your IT department in strengthening controls.
Our team is comprised of leading IT audit, governance compliance and security professionals with significant international experience across all industry verticals. We’ll help you ensure systems operate optimally to support your organization’s strategic vision.
Audit & Assessment
Understanding how IT risks impact your overall Enterprise Risk Management framework is critical in today’s technology-dependent world. Our team can manage your entire IT risk assessment project, or we can integrate our technical expertise into existing risk management processes. Clearview’s IT risk assessment methodology combines leading best practice frameworks, such as COBIT 5 and NIST 800-30, with decades of real world experience to deliver practical results that are meaningful to both IT and business leaders.
Ensuring IT is delivering value and supporting the organization’s strategic plan is critical. Our IT governance assessment methodology leverages common frameworks, such as COBIT 5 and ISO 38500, to deliver powerful results based on our team’s collective experience in IT and IT security leadership positions. Our unique approach and combined experience make sure IT and security functions aren’t viewed in isolation but are evaluated under the overall corporate governance model.
Security threats facing organizations of all sizes are constantly evolving. All companies with an Internet presence are either active or passive targets, and your leaders want to know the susceptibility to a security breach.
Our proprietary security assessment methodology was developed by leading security and IT audit professionals and delivers a tangible answer to the likelihood and probability of a breach. We combine innovative, leading-class technical tools with a proven approach that presents real security analytics in a business-focused, risk-centric manner.
Simply put, we take technical results and produce actionable deliverables that focus on business risk, not technical jargon.
Clearview has extensive experience assisting companies — from pre-IPO to the Fortune 50 — with IT SOX compliance needs. Whether your organization is just getting started or has complied for years, our methodology gives you an IT SOX program that operates efficiently and achieves maximum reliance from external auditors. We also have the tools and experience to refine and optimize an existing IT SOX Program to improve reliance and maximize value by rationalizing risks, key controls and evidence retention.
For organizations with a global presence, it is essential to understand the requirements and associated risks for data privacy, data security, human resource data, IT operations and governance mandated by international governmental entities like the European Union (EU) and the Dubai International Financial Center (DIFC), as well as country-specific laws such as the Australian Privacy Principles (APPs), Canada’s PIPEDA or Argentina’s Personal Data Protection Law (PDPL).
In past years, organizations relied on Safe Harbors and Works Council Agreements to help mitigate a host of risks. This is no longer considered an acceptable method of reducing risk. An increase in cyber-crime and nation-state attacks has led governments around the world to mandate an increasingly complex set of requirements on organizations that move data across borders and within countries themselves.
Our team has individuals with the practical experience of working within these regions over the years who can advise and assess the risks your organization may have when doing business internationally.
Whatever the industry, the technology or geography, ISO standards are used to ensure safety, efficiency and quality are in place using an internationally recognized set of best practices. In the IT space, organizations want to be informed about the investment of time and money required for ISO certification for technology-related standards. They want to understand the gaps that exist in their current environment and the level of effort needed to prepare for the certification process.
Clearview is able to provide guidance based on experience with the ISO 27000 series of standards around information security. We can also provide a practical and cost-effective way of obtaining certification for standards within the ISO 27000 series on information security management, risks and controls within the context of an overall information security management system.
The Chemical Facility Anti-Terrorism Standards (CFATS) program identifies and regulates high-risk chemical facilities to ensure they have security measures in place to reduce the risks associated with these chemicals. Initially authorized by Congress in 2007, the program uses a dynamic, multi-tiered risk assessment process and requires facilities identified as high-risk to meet and maintain performance-based security standards appropriate to the facilities and the risks they pose.
Since each chemical facility faces different security challenges, Congress explicitly directed the Department of Homeland Security to issue regulations “establishing risk-based performance standards for security of chemical facilities.” These Risk-Based Performance Standards (RBPS) are particularly appropriate in a security context because they provide individual facilities the flexibility to address their unique security challenges.
RBPS 8–Cyber is in place to “deter cyber sabotage, including preventing unauthorized on-site or remote access to critical process controls, such as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCSs), Process Control Systems (PCSs), Industrial Control Systems (ICSs), critical business systems and other sensitive computerized systems.”
The comprehensive knowledge and methods needed to secure complex systems in a manufacturing or chemical facility are something that many organizations struggle with when attempting to become compliant and avoid fines. A pre-assessment and readiness review can identify a roadmap to success.
With the continual motion of the technology landscape, internal audit departments cannot hire full-time resources with the expertise to adequately address their IT audit plan. Clearview’s breadth of technology and security resources enables us to fully support your IT audit plan. Our blend of IT auditors and IT and security practitioners makes us uniquely qualified to plan and execute IT audit projects or add subject matter expertise to an existing audit team. We have the capabilities to allow our clients to fully outsource the IT audit plan to us, or we can provide supplemental assistance as needed.
Technology risk mitigation underpins most regulatory compliance areas. Our team has extensive experience in both auditing against compliance standards and managing the practical implementation of these standards. Our review methodology leverages our collective industry knowledge, proprietary process and technical tools to map out your compliance needs and identify where control or process gaps exist in the current environment.
SOC readiness assessments are critical to determine an organization’s timeline for a successful SOC 1, 2 or 3 audit. Our team has extensive experience assisting companies in scoping and tailoring a SOC audit program that works for their particular business. Our SOC readiness methodology provides our clients a roadmap with practical recommendations to ensure a successful SOC audit engagement. As a Maryland-registered CPA firm, we also provide SOC 1, 2 and 3 audit services under the AICPA guidelines.
Policies and procedures are the foundation of any successful enterprise risk management & compliance program. We leverage our extensive experience to either create a full set of IT policies, standards and procedures tailored to your organization, or to review existing documentation and provide recommendations for improvement. We also have experience assisting clients with user education and frameworks to monitor user receipt and acknowledgement of key policies and procedures.
Our team has experience auditing the implementation, as well as functionally owning, DR/BCP programs. We work with our clients to design and implement processes that provide confidence your business will continue in the face of unplanned disruptions. We have the expertise to ensure all technology elements are properly integrated into the overall BCP program to achieve attainable recovery times and resumption of business services.
A key element of any organization’s ability to effectively leverage IT security technology is ensuring that the right network design and configuration are in place. Many IT security events can be avoided or mitigated by having the correct structure, allowing for a quicker recovery from the inevitable.
In today’s environment, it’s not a matter of whether you are going to be attacked or compromised, but how well you can identify and remediate once a breach or attack has occurred. Like building a house, a sound architectural design lays the foundation for effective IT security and compliance technical capabilities.
Clearview has the broad experience to advise clients on where their risks exist within their current design and help make the changes needed to reduce those risks.
We offer this assessment as a way to give clients a detailed view of active threats running in their environment, providing granular visibility. This is possible through strategic partnerships with leading IT Security Vendors. Among other benefits, the SLR can be conducted in a monitor-only configuration instead of being deployed inline.
It is installed passively in “tap mode” to monitor network traffic. While passive, the appliance provides detailed layer-7 visibility into applications, ICS protocols, content, threats and users. The SLR review has been an eye-opener to many security professionals and typically produces unexpected findings. Some findings are immediately actionable, and other findings give insight into risks that may need further planning and investment to be properly addressed in the long term.
Some examples for this category of traffic include: unknown/encrypted traffic, risky Internet-facing applications, known and unknown malware and exploits, zero-day malware/APTs, and command and control traffic.
Clearview offers this service for organizations that have a need for someone to be responsible for the growth or operation of the IT Security function, but do not need this person full-time or need a temporary resource as part of a personnel transition or a business change.
Our virtual CISO service provides clients with guidance and leadership around IT security governance, policy, procedures, strategy and technology decisions. The team at Clearview has experience building, leading and running IT security departments at the executive level across a global footprint for both public and private companies.
When building an insourced or co-located datacenter or migrating to an outsourced or cloud-based solution, organizations need to consider many security design, compliance and contractual risks. The Clearview team has the experience that can provide insight into the risks and strategies around migrating datacenters both domestically and internationally.
Security Product Deployment and Consulting
Traditional port-based firewalls have become obsolete. In today’s IT landscape, firewall technology must include both deep packet inspection and an awareness of application behavior to effectively secure your data. This technology combines many of the old and new technologies around preventing and detecting malware, data leak prevention, zero-day threats and web-based attacks while allowing for user-specific traffic analysis through a “single pane of glass.”
Clearview is able to offer a review of your existing next-generation solution’s configuration and advise on its effectiveness. We can also review your current traditional solutions to see how a next-generation firewall (NGFW) could improve the effectiveness of your security posture and prevent financial and reputational losses.
In the event of a breach or attack, as well as a suspected inside threat, it is essential to be able to gather data that can be used to detect, mitigate or prevent a potential loss of data or services due to an adverse event. Clearview can assist clients with gathering information needed to complete internal investigations, reduce loss of data or detect malicious activities.
Clearview’s team has extensive experience with endpoint security solutions, strategies and technologies. With an ever-increasing mobile work place and the proliferation of the “Internet of Things (IoT),” an organization’s ability to control and track data inside and outside of its networks is becoming increasingly important.
Clearview’s experience can help Clients with their existing strategy, help with developing a new strategy or identify where current risks exist around data management.
Clearview is a channel partner with the leading vendors within the IT Security space, as well as with vendors that are on the cutting edge of new technology development for next-generation firewalls (NGFW), malicious code and attacks, network security analytics, asset tracking, and network and application control.
Clearview’s experienced sales team is comprised of security professionals who have spent years being responsible for purchasing, implementing, using and administering these same types of security solutions in real life IT environments — both in public and private companies.
Clearview is not simply a reseller of products but a strategic partner within the IT security technology and compliance space. This allows Clearview to be able to provide insight on how our suite of products can be used to mitigate risks — not only based on technical attacks, but also in terms of audit and compliance through the proper configuration and placement of these products specific to the Client’s business risks and compliance model.