CONSULTING SERVICES
Cyber Threat Solutions Inc. © ALL RIGHTS RESERVED.
Cyber Threat Solutions Inc.
This approach, if used smartly, can provide organizations with the breadth and depth of security controls necessary to fundamentally strengthen their information systems. This includes the environments in which those systems operate, which will contribute to systems that are more resilient in the face of cyber attacks and other threats.
Security: Organizations should protect PII (in all media) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
Data Quality and Integrity: Organizations should, to the extent practicable, ensure that PII is accurate, relevant, timely, and complete.
Use Limitation: Organizations should use PII solely for the purpose(s) specified in the notice. Sharing PII should be for a purpose compatible with the purpose for which the PII was collected.
Data Minimization: Organizations should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s).
Purpose Specification: Organizations should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used.
Individual Participation: Organizations should involve the individual in the process of using PII and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII. Organizations should also provide mechanisms for appropriate access, correction, and redress regarding use of PII.
Transparency: Organizations should be transparent and notify individuals regarding collection, use, dissemination, and maintenance of personally identifiable information (PII).
Accountability and Auditing: Organizations should be accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements.
There are new families of privacy controls based on the internationally accepted Fair Information Practice Principles (FIPP). This provides a more holistic approach to information security and risk management. These principles are found in more detail in the NATIONAL STRATEGY FOR TRUSTED IDENTITIES IN CYBERSPACE (NSTIC) Appendix A - Fair Information Practice Principles (FIPPS). These FIPP principles from the NSTIC are shown below:
The motivation that continues to provide agencies with an integrated approach to cybersecurity is the “expanding threat space” which is characterized by an ever-increasing sophistication of cyber attacks. Many security controls and control enhancements have been and continue to be developed and integrated into cyber threat solutions such as (a) mobile and cloud computing; (b) applications security; (c) trustworthiness, assurance, and resiliency of information; (d) insider threat; (e) supply chain security; and (f) the advanced persistent threat.
COMPLIANCE AND CONTROLS
Cybersecurity compliance will continue to play catch-up to the ever-evolving cyber threats. Cyber Threat Solutions, Inc. (CTS) personnel maintain relationships with critical Federal Agencies and Industry Leaders so that we can represent the most comprehensive security controls solutions to our customers. Our personnel have over 50+ years of experience working closely with Agencies to include NIST, DoD, the Intelligence Community, and the Committee on National Security Systems (who are part of a Joint Task Force to develop cybersecurity solutions, an interagency partnership formed in 2009).