security services

1. Marketing

1.1. Website

1.2. Whitepapers

1.3. Presentations

1.4. Datasheets

1.4.1. Battle Card for non-managed Skybox service

1.4.2. Security Review/Assessment

1.5. PR

2. Business

2.1. Margin split

2.1.1. SW licence sales

2.1.1.1. Qualys

2.1.1.1.1. Split

2.1.1.1.2. Who does the client pay?

2.1.1.1.3. Should big be a reseller locally? Some clients will want to see local agency.

2.1.1.2. Skybox

2.1.1.2.1. Software

2.1.1.2.2. Gross margin 35%

2.1.1.2.3. Gross margin 10%

2.1.1.3. Edgescan

2.1.2. Reviews

2.1.2.1. X % on top of FC invoice

2.1.3. CISO

2.1.3.1. X % on top of FC invoice

2.1.3.2. base cost £1500

3. Services

3.1. Firewall management

3.1.1. PFSense

3.2. CISO Service

3.2.1. services

3.2.1.1. policy management

3.2.1.2. engaging with 3rd parties on infosec matters

3.2.1.3. controls assessment

3.2.1.4. managing improvements

3.2.1.5. link to SecOps

3.2.2. pricing

3.2.2.1. per reserved days

3.3. Security reviews

3.3.1. delivery

3.3.1.1. Template document

3.3.1.1.1. Excel sheet online

3.3.1.1.2. Possibly use Qualys SAQ

3.3.1.2. Remote review of responses

3.3.2. Pricing

3.3.2.1. employees?

3.3.2.2. Size of the network (systems)

3.3.3. 1st Priority

3.3.4. Technical assessments

3.3.4.1. Qualys

3.3.4.1.1. VM

3.3.4.1.2. Policy compliance

3.3.5. FAIR Institute - later

3.3.6. Benefits for auditors

3.3.6.1. translation of IT responses to auditor speak

3.3.6.2. highlight suspicious responses

3.3.7. Standards

3.3.7.1. ISO27001

3.3.7.2. NIST CSF

3.3.7.3. CIS Top 20

3.4. Security operations

3.4.1. Tools

3.4.1.1. Qualys

3.4.1.1.1. Indications of Compromise

3.4.1.1.2. Hardening assessment

3.4.1.1.3. Vulnerability management

3.4.1.1.4. Web application security

3.4.1.1.5. Services tiers

3.4.1.1.6. POC

3.4.1.2. Skybox

3.4.2. Benefits

3.4.2.1. Auditor

3.4.2.1.1. monitor compliance

3.4.2.1.2. monitor risk

3.4.2.2. CxO

3.4.2.2.1. reporting of risk

3.4.2.3. IT

3.4.2.3.1. knows what to do

3.4.2.4. Business function managers

3.4.2.4.1. knows risk to their applications

3.4.3. Selling

3.5. Cybersecurity awareness trainings

3.5.1. Online video delivery

4. BIG

4.1. Cyber

4.1.1. Security review

4.1.1.1. questionnaire led

4.1.1.2. partially automated

4.1.1.3. Levels

4.1.1.3.1. Silver - Basic controls

4.1.1.3.2. Gold

4.1.1.3.3. Platinum

4.1.2. Technical Assurance Services

4.1.2.1. Qualys

4.1.2.1.1. Core

4.1.2.1.2. Specialist

4.1.2.2. Skybox

4.1.2.2.1. >500, High Risk, infrastructure rather than cloud services

4.1.2.2.2. Brings organisation at maturity level 4 to level 5.

4.1.3. Incident detection service

4.1.3.1. SIEM platform with feeds

4.1.3.1.1. Server logs

4.1.4. IT Review

4.1.4.1. Tiered packages

4.1.4.1.1. Platinum

4.1.4.1.2. Gold

4.1.4.1.3. Silver

4.1.4.1.4. Bronze (?)

4.1.5. CISO as a Service

4.1.5.1. Policies

4.1.5.2. Awareness & Education

4.1.5.2.1. Retainer

4.1.5.2.2. Monthly Comms?

4.1.5.2.3. phishing tests

4.1.5.3. GRC?

4.1.5.4. ad-hoc calls

4.2. Efficiency

4.3. Core, profits, big

4.4. Selling business