Distrust and caution are the parents of security … Benjamin Franklin
From the Boardroom to the Firewall
Citadel Information Group is a full service integrated information security management and governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients in cost-effectively managing the confidentiality, privacy, integrity and availability of their information.
We provide clients with CISO-for-Rent, Virtual-CISO, vCISO and other information security management services. We combine subject matter expertise, management proficiency, and, above all, skill in helping an organization make proper care of its sensitive and critical information a part of its culture.
We serve a wide variety of industries, including accounting, aerospace, broadcasting, business management, eCommerce, engineering, entertainment, finance, health care, insurance, law, manufacturing and distribution, market research, retail, and technology. We are especially proud of the work we do in support of the nonprofit community.
We are particularly adept at working with small and medium-sized organizations where we often provide a combination of management expertise, technology know-how, leadership, coaching and training.
As leaders in the Los Angeles information security community, we are experienced in security management best practices such as the NIST Framework, ISO 27001-02, CISSP, CISM, the Center for Internet Security, NIST 800-171, ITIL® and Six Sigma, as well as compliance requirements such as HIPAA HITECH, GLBA, PCI DSS and Breach Disclosure.
Assessments and Reviews
A targeted and effective cybersecurity strategy begins with an evaluation of your organization’s risks and vulnerabilities.
Assessments are vital tools in an organization’s ongoing need to improve its cybersecurity risk profile. We offer a full range of assessment services including:
- Information Security Management and Compliance Reviews
- Governance Reviews
- Network Penetration Testing and Vulnerability Assessments
- Web Application testing
- Third-Party Security Reviews
- Incident Response Plan Review
- Business Continuity Plan Review
- Comprehensive IT Evaluations
- IT Vendor Security
Policies and Standards
We help you navigate the legal requirements pertaining to information security and breach disclosure laws. We are experts in helping organizations comply with:
- The NIST Cybersecurity Framework
- ISO-27001, 27002
- Payment Card Industry (PCI) Data Security Standard
- HIPAA HITECH Information Security Regulations
- Gramm-Leach-Bliley Information Security Regulations
- FTC Safe Harbor
- New York State Cybersecurity Requirements for Financial Services Companies
- California Civil Code 1798.81.5
- Other Compliance Requirements
Information Security Management / Governance Programs
A successful information security program requires an ongoing process of top-down risk management and response. We design and implement information security management programs to meet your specific needs.
- Chief Information Security Officer (CISO)
- Information Security Strategy
- Board and C-Suite Education
- Information Security Policies and Standards
- Asset Classification and Control
- Security of Online Banking
- Awareness Training and Education Programs
- Compliance Management
- Support in Meeting Security Requirements of Customers, Including Negotiating Requirements
- Security Support During Key Person Replacement
Security Management of the Technology Infrastructure
Citadel works with IT staff and vendors to make sure the IT infrastructure is designed, implemented and maintained in accordance with information security requirements. We work to make sure IT staff have the necessary information security skills while providing technology management guidance and coaching to IT management. For clients without their own project management infrastructure, we are able to take the project management lead.
- IT Security Management
- Secure IT Network Design
- Secure Cloud Usage
- Securing BYOD (Bring Your Own Device)
- Secure Maintenance of the IT Network
- Security Tools and Solutions
- Secure Software Engineering
- Technology Security Management Reviews and Assessments
- Application Security Test and Evaluation, Including Websites
- Security Skills Development
- Technology & Security Management Coaching
- Security Project Management
Security Education & Culture Change
Citadel offers a full range of awareness training and education programs, for both non-technical and technical staff.
- Staff Awareness Training
- Security Management Training
- Remote User Training
- Phishing Defense Training
- Staff Focus Groups
- Security Training and Coaching Programs for IT Management and Staff
Incident Response and Business Continuity (IR/BCP)
Because failing to plan is often planning to fail, Citadel provides clients with both Incident Response and Business Continuity Planning services.
- Incident Response Planning
- Information Continuity / Business Continuity / Disaster Recovery Planning
- Testing the Incident Response / Business Continuity Plan
- Table-Top IR/BCP Executive Exercises
- Incident Response / Business Continuity Plan Annual Executive Summaries
- Incident/Breach Response Services, including Forensics