CMMC | Consulting | management | assessment
The need for both physical and cyber security has never been greater than it is today. Implementing and maintaining an Information Security Management System (ISMS) is imperative for small, medium and large businesses alike. ISMS is our specialty: we work with you through all phases of the ISMS program, including development, implementation, and maintenance, while always looking for ways to continuously improve. Your system will be developed for your specific needs, not with a cookie-cutter approach, as we understand that each organization is unique and faces its own individual threats. Call us today to see how we can help you design, implement, update and/or improve your ISMS through our risk sharing value structures.
CONSULTING | vCISO

Through our consulting and vCISO services, we help you achieve your security goals in an efficient, cost-effective manner. We work with you to develop value-added plans to meet your specific needs. We offer flexible hourly rates and per-project pricing.
Call us today to schedule your FREE initial consultation!
– Regulatory Compliance
NIST / CMMC*
– Policy, Processes, Procedures
– Business Continuity / Disaster Planning
– System Security Plans
– Network Configuration
– Physical Security
– User Awareness Training
MANAGED SERVICES

Developing and implementing your ISMS is only the beginning. When it comes to an effective security posture, maintenance and accountability of your program are imperative. Our managed services are focused on ensuring your program is up to date at all times, producing the best risk mitigation environment possible. Managed services are annual and multi-year contracts, billed monthly.
– NIST / CMMC*
– ISMS Management
– Leadership Engagement
– IT Team Integration
– Audit Prep/Support
– Plan of Action / Milestones
– Monthly Reviews and Reporting
– Continuous Improvement
RISK ASSESSMENTS

Risk Assessments are essential to understanding how well your ISMS or network is postured to defend against daily threats. We work with you to develop the best assessment scenario for the given project, specific to the objectives outlined. Risk Assessments are priced per project, based on the size of the organization, network(s) and desired outcomes.
– NIST / CMMC**
– Baselining / Gap Analysis
– Pre-Audit Review
– New Infrastructure Installs
– Network Configuration / Updates
– Physical Security Review
– Cooperative Risk Assessments
– Readiness Reviews
* Phy-Cy.X is a Registered Provider Organization, as recognized by the CMMC-AB, authorized to conduct CMMC consulting, management, pre-assessment and readiness review services.
** Risk Assessments may be accomplished by trusted third-party entities and are not CMMC certification assessments, as those are only authorized through C3PAOs.
NIST & CMMC Services
Check out our CMMC page for more information and updates
Business impact: the “so what” metrics
– Average Cost of a Breach in the United States: $8.14M
– Average Cost <500 Employees: $2.74M ~ $3,255/Employee
– Top 4 Cost Factors: Detection, Communication, Post Response, Lost Business
– #1 – Lost Business: $1.42M (Avg) ~ 36% of overall cost
– # Days to Identify Breach: 206 Human Error / 314 Malicious Attack
– Top 3 Cost Multipliers: Third Party Breach, Compliance Failures, Cloud Migration
– Top 3 Cost Mitigators: Invest InfoSec Services, Technology Employment, Encryption
The above stats were provided by the IBM Security/Ponemon Institute “Cost of a Data Breach Report 2019”. For more detailed information, visit: https://databreachcalculator.mybluemix.net/executive-summary