Capabilities

Company Info


CISO LABS is a minority owned small disadvantaged business specializing in Information Technology consulting and Management, Risk Management, Cyber Security and Privacy. Founded in 2013, CISO Labs mission is to provide end-to-end quality of service in design phase of revolutionary and evolutionary information architecture implementations and manage the synergies, security and co-dependence between people, processes and technology while sustaining end-to-end quality of service for IT deliverables in a controlled environment.

Our goal is to provide superior results for our clients, delivered with the highest standards of honesty, integrity, and quality. We are dedicated to establishing enduring professional relationships with each of our clients. Our firm views each engagement as an opportunity to demonstrate our unique ability to provide the client with specific, tailored solutions that achieve remarkable results.


Services/Capabilities



NAICS CODES

541512, 541519, 541690, 561621, 611420, 541910


CISOLABS focuses:

Information Technology: Consulting, Implementation, Integration Information Security: Forensics, Privacy, Risk Management

Cyber-Security and Privacy and offers the following services as our core competence.



Cyber-Security/Information Security

Information Assurance - Certification and Accreditation (C & A)
System Security Life Cycle (SSLC)
Software/System Development Lifecycle (SDLC) Security
e-Discovery and Computer Forensics
Information Security Controls Design, Implementation and Assessment
Information Security Metrics
Control Risk & Modeling Analysis/Assessments (SOX, SAS70, GLBA, FFIEC, GDPR, NY DFS 500 etc)
Information Security Framework Development and Implementation (CObIT, ISO 17799/27001, SAS70 Readiness)
Corporate IT Security Governance
E-commerce Security - Web Security (OWASP)
Vulnerability Assessment and Remediation
Penetration Testing and Remediation
Information Security Process and Control Optimization using Business Process Re-Engineering (BPR)
Cyber Security Awareness Training Programs
Network Security Architecture



Information Technology/Security Governance

Diagramming and Systems Documentation Development
Information Technology and Security Policy and Procedure Feasibility Studies, Design, Implementation, Testing and Metrics



Privacy

HIPAA/HITECH/GLBA/FFEIC Compliance
State Breach Law Compliance
Privacy Impact Assessment (Non-Public Information - NPI)

CISO LABS Team


CISO LABS Professional Qualifications:


Certified Information Systems Security Professionals (CISSP)
Information Systems Security Architecture Professionals (ISSAP)
Certified Secure Software Lifecycle Professionals (CSSLP)
Checkpoint Certified Security Administrators vNG (CCSA vNG)
Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Systems Auditors (CISA)


Certified Project Management Professionals (PMP)
Microsoft Certified Database Administrators (MCDBA)
Microsoft Certified Systems Engineers (MCSE)
Microsoft Certified Professionals (MCP)
Network+ Certified Professionals (N+ -CompTIA)
Cisco Certified Network Associates (CCNA)


Our certifications align with DoD 8570 Baseline Certifications to include, but not limited to:

IAT Level III, IAM Level II, IAM Level III,
CND Auditor & IASAE I, II, III


Our professionals are grounded in professionalism, integrity, and efficiency. We make objective assessments of operations and share ideas for best practices; provide counsel for improving controls, processes and procedures, performance, and risk management; suggest ways for reducing costs, enhancing revenues, and improving profits; and deliver competent consulting, assurance, advisory, and facilitation services.

CISO LABS is a team of professionals possessing experience with commercial and government clients and associate directly with all levels of management. CISO LABS can quickly and effectively analyze complex situations and develop straightforward solutions tailored to an organization's needs.

Experience



The Management and Staff of CISO LABS has global experience in ensuring integrity, confidentiality, and availability of technology and business process resources. Demonstrated ability in reducing IT risk based on controls assessments/recommendations, ensuring corporate continuity based on business contingency-disaster recovery planning and change management-control, ensuring regulatory compliance based on IT audits/reviews and IT corporate governance (COSO), including SOX, GLBA, HIPAA, FISMA, DoD. Demonstrated ability in identifying security control weaknesses/vulnerabilities, performing gap analysis, assessing resultant risk/organizational impact.

CISO LABS has demonstrated ability in project planning/execution/tracking/reporting/closure, and developing Risk Management Plans. CISO LABS has proven ability to asses audit compliance with technology related compliance regulations such as SOX, GLBA, and HIPAA etc, by determining control weaknesses and recommending cost effective solutions to reduce risk and improve business performance.

CISO LABS has assessed technology related risk and controls' effectiveness in support of SAS 70 requirements for external audit-attest functions. Planned/budgeted/ lead/managed technology related compliance audits/security reviews in conjunction with operational/financial audits to ensure effectiveness of technology business controls. Scoped/planned/managed/troubleshoot client/auditee engagements/projects to complete satisfaction. Devised methodologies for painless and effective knowledge transfer to business and technical SMEs. Assess mutable real-time data and application systems with high-monetary value.

CISO LABS Engagements have included, but is not limited to:

Managing information security risk to ensure compliance to PCI DSS, SOX Compliance, DIACAP, FHFA Compliance et al.

Manage and implement information security controls for multi-platform multi-protocol environment, which reduced overall risk to business financials and other non-public information.

Manage Audit information security controls

Implemented Information Security Frameworks; including design of custom (proprietary) frameworks.

Work with Legal Counsel on Contracts and Vendor Relations - Negotiation of Statement of Work and Master Services Agreement to ensure security at inception or design.

Conduct security design tests.

Manage security goals and directives

Serve on Change Management Committees for Software Security evaluations, approvals and testing.