Information Security Management - Citadel Information Group

Distrust and caution are the parents of security … Benjamin Franklin

From the Boardroom to the Firewall

Citadel Information Group is a full service integrated information security management and governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information.

We provide clients with CISO-for-Rent, Virtual-CISO, vCISO and other information security management services. We combine subject matter expertise, management proficiency, and, above all, skill in helping an organization make taking proper care of its sensitive and critical information a part of its culture.

We serve a wide variety of industries, including accounting, aerospace, broadcasting, business management, eCommerce, engineering, entertainment, finance, health care, insurance, law, manufacturing and distribution, market research, retail, and technology. We are especially proud of the work we do in support of the nonprofit community.

We are particularly adept at working with small and medium-sized organizations where we often provide a combination of management expertise, technology know-how, leadership, coaching and training.

As leaders in the Los Angeles information security community, we are experienced in security management best practices such as the NIST Framework, ISO 27001-02, CISSP, CISM, the Center for Internet Security, NIST 800-171, ITIL® and six-sigma as well as compliance requirements such as HIPAA HITECH, GLBA, PCI DSS and Breach Disclosure.

Assessments and Reviews

A targeted and effective cybersecurity strategy begins with an evaluation of your organization’s risks and vulnerabilities.

Assessments are vital tools in an organization’s ongoing need to improve its cybersecurity risk profile. We offer a full range of assessment services including:

Information Security Management and Compliance Reviews
Governance Reviews
Network Penetration Testing and Vulnerability Assessments
Web Application testing
3rd Party Security Reviews
Incident Response Plan Review
Business Continuity Plan Review
Comprehensive IT Evaluations
IT Vendor Security

Policies and Standards

We help you navigate the legal requirements pertaining to information security and breach disclosure laws. We are experts in helping organizations comply with:

The NIST Cybersecurity Framework
ISO-27001, 27002
Payment Card Industry (PCI) Data Security Standard
HIPAA HITECH Information Security Regulations
Gramm-Leach-Bliley Information Security Regulations
FTC Safe Harbor
New York State Cybersecurity Requirements for Financial Services Companies
California Civil Code 1798.81.5
Other Compliance Requirements

Information Security Management / Governance Programs

A successful information security program requires an ongoing process of top-down risk management and response. We design and implement information security management programs to meet your specific needs.

Chief Information Security Officer (CISO)
Information Security Strategy
Board and C-Suite Education
Information Security Policies and Standards
Asset Classification and Control
Security of Online Banking
Awareness Training and Education Programs
Compliance Management
Support in Meeting Security Requirements of Customers, Including Negotiating Requirements
Security Support During Key Person Replacement

Security Management of the Technology Infrastructure

Citadel works with IT staff and vendors to make sure the IT infrastructure is designed, implemented and maintained in accordance with information security requirements. We work to make sure IT staff has the necessary information security skills while providing technology management guidance and coaching to IT management. And for clients without their own project management infrastructure, we are able to take the project management lead.