logo

Select Sidearea

Area for extra info, links, etc.
[email protected]
+(610) 816-010

[email protected]

610-606-1404

mobile-logo
qodef-fullwidth-slider

The Operating System for CyberSecurity

CyberSecurity Resource Planning (CSRP)

The critical elements required by all Cyber Programs. Map your goals. Understand the Landscape. Identify your Problems. Prioritize your remediations. Track your Progress. CSRP is the Operating System for CyberSecurity.

Discover How
qodef-fullwidth-slider

Integrated Risk Management

Reducing Silos between Audit, Compliance, Risk, IT, and Cyber Teams

Rapid implementation of a mature and continuous program. Regulatory Alignment. Controls Adoption. Policies Defined. Audits Implemented. Risks Identified, reduced, planned for, and tested. Responsibility and Accountability assigned. Silos destroyed.

Discover How
qodef-fullwidth-slider

Network Mapping - Vulnerability Reduction

Identifying the Vulnerabilities from Within

The granular elements that make up your network are discovered, identified, whitelisted, categorized, mapped, scanned, and tagged for vulnerability and configuration issues. All tied back to what matters most, critical Business Imperatives.

Discover How
qodef-fullwidth-slider

Momentum Methodology

Mapping the Organization to Reduce the Risk

Rapid uptake of the Momentum Methodology (M2) allows your organization to tailor your Cyber Program to your organization. Understand the relationship between Business Imperatives, Business Functions, and all the way down Systems and Endpoints.

Discover How
qodef-fullwidth-slider

Cyber Culture Built In

Change the Culture and Change the Game

The Program is in place. The Risk is being Reduced. The Vulnerabilities are being eliminated. You’re not finished until you change the culture. Now adopt the most powerful Cyber Awareness training and testing program on the planet.

Discover How

ClearArmor – the Operating System for CyberSecurity™

Cyber Security Defined, Implemented, Deployed, Measured, Managed, Audited, & Verified for Your Enterprise
Achieving Compliance with NIST, ENISA, & GDPR

 

At a Lower Controlled Cost & with Fewer Staff Through Automated Software Processes

Timeline

M2 – Momentum Methodology

M2 is the bridge between Technology, Leadership, and Process. M2 provides a standardized method to understand, implement, and work toward continued improvement in CyberSecurity

CMO – Cyber Management Office

CMO – The Cyber Management Office provides the ability to governance and manage the individual efforts your organization must execute to achieve continued improvement in CyberSecurity

CM – Controls Management

CM – Controls Management aligns your organization to the frameworks and regulatory controls they have voluntarily, or are required to follow.

PM – Policy Management

PM – Policy Management provides the ability to document and communicate how policy relates to organizational controls.

AM – Audit Management

AM – Audit Management sets the ownership, governance, schedules, and processes for auditing that the policies and controls in effect.

RM – Risk Management

RM – Risk Management allows the organization to understand and manage the events, triggers, impacts, potential reductions, reduction progress, response plans, and documented testing of those plans.

ITAM – IT Asset Management

ITAM – IT Asset Management allows for the discovery, heterogeneous data source integration, data normalization, white listing, categorization, ownership, lifecycle management, and vendor management related to hardware and software assets.

VAC – Vulnerability and Compliance

VAC – Vulnerability and Compliances provides the mechanisms to identify Software, hardware, and configuration based vulnerabilities through integrations and interfacing to IT Asset Management, IT-Pedia®data, Open Source Vulnerability Scanning, and SCAP Scanning.

CC – Cyber Culture

CC-Cyber Culture leverages included InfoSec Institute CyberAwareness Training to eliminate risk at a key CyberSecurity breach vector, people. CC starts with the rapid, engaging, and short training sessions. CC follows with testing progress using documented scores and Phishing simulation testing across the organization.

DM – Data Mapping

DM – Data Mapping allows the organization to associate key granular data with other data, making collected information more powerful and meaningful to pre-built and custom dashboards and representations.

SOC Implementation: Malware Detected & Removed ● Rogue Accounts Closed ● Smart SEIM ● AI Implemented & Managed

Extended Capabilities: (SOC as a Service2 ● Secure & Compliant Hosting2 ● Threat Detection Gateway2 ● Independent Assessment2 ● Pen Testing2 ● Pre Built Policies & Unified Controls Mapping2

Advanced Methodology: 4 Phases ● 17 Stages ● Organization Wide Collaboration ● Fast Track to Assessment ● Fast Track to Adoption

Cultural Improvement: Cyber Awareness Training ● Phishing Simulation and Testing ● Asset Use

Intelligence: Charts ● Reports ● Dashboards ● Groupings ● Filters ● Data Source Catalogs ● Permissions ● AI Machine Learning1

Risk Response: Plans ● Plan Versioning ● Plan Acceptance ● Sub Plans ● Phases ● Steps ● Responsibilities ● Expected Outcomes ● Test Scheduling ● Test Results

Risk Management: Risk Domains ● Risk Types ● Risk Event Register ● Triggers Association ● Probabilities Association ● Quantification ● Prioritization ● Cost Analysis ● Reduction

Audit Management: Portfolio Management ● Granular Assignment ● Scheduling ● Status / Progress ● Process Definition ● Evidence Collection ● Results Acceptance

Cyber Management Office: Regulatory Frameworks ● Organization Structure ● Profiles ● Controls ● Policies ● Evidence Collection ● Responsibility ● Accountability

Data Mappings: Risk Objectives 2 Systems ● Systems 2 Business Functions ● Systems 2 Landscapes ● Endpoints 2 System Landscapes ● Subnet 2 Location

Technology Dictionary Management: Systems ● System Groups ● Landscapes ● Subnets ● Data Types

Business Dictionary Management: Risk Objectives ● Business Functions ● Country ● State/Province ● Location ● Roles ● Processes

Active Directory Scan: New Accounts ● Domain Admins ● Stale Devices ● Stale Accounts ● Locked Accounts ● Orphaned Objects ● Last Authentication

Data Discovery: Data Files ● File Usage ● Database Managers

Vulnerability Detection: Asset CVE ● Asset CWE ● SCAP Scanning1

Asset Hygiene: Patches Provisioned ● Missing Patches ● Configuration Acceptations

Asset Protection: Asset Base Lines ● Passive File Watch ● Active File Watch / Prevention

Asset Connectivity: Application Dependencies ● System Dependencies1 ● Port Flow Analysis

Asset White Listing: White Listing ● Provisional White Listing ● Black Listing

Asset Lifecycle Discovery: End of Life ● End of Support ● End of Extended Support

Asset Discovery: Hardware Assets ● Software Assets ● Hardware Verification ● Software Verification ● Asset Ownership ● Exhaustive Hardware Configuration Details

Latest News & Info

CyberSecurity - It's Not About Tools from ClearArmor Corporation

CyberSecurity – It’s Not About Tools

CyberSecurity isn't about tools, it's about reducing risk to your organization. Collaborative integration of key functions will dramatically improve your CyberSecurity posture. The orchestrated result is measurable risk reduction, vulnerability

Software Vulnerabilities Risk Remediation

Risk Reduction Through Software Vulnerability Identification and Reduction

Software Vulnerabilities Risk Remediation from Bruce Hafner

Pragmatic CyberSecurity and Risk Reduction ClearArmor

Pragmatic CyberSecurity and Risk Reduction

 Pragmatic CyberSecurity and Risk Reduction from Bruce Hafner

Equifax CEO to Testify before Congress

Equifax CEO Called to Testify Before Congress; Company Under FTC Probe

  The House Energy and Commerce Committee sent a letter to Equifax CEO Richard Smith formally requesting testimony before Congress. The cybersecurity breach, which was first discovered on July 29, targeted

cyberattack legal protections

Effective Legal and Regulatory Defense for CyberSecurity Incidents

  How would your organization defend itself in a court of law or to regulators in the event of a CyberSecurity incident?   This is a question that many organizations

Effective Metrics for CyberSecurity

Effective Metrics for CyberSecurity Enterprise Risk Management

  CEOs and Boards have identified CyberSecurity threats as a significant enterprise risk, governed with the same rigor and discipline as other corporate risk.   Effective governance depends upon robust

CyberSecurity Best Practices

Bad CyberSecurity Policy is Bad Business

  It is estimated that Cybercrime will cause losses in excess $6 trillion by 2025.   Many of these losses can be avoided through the implementation of effective CyberSecurity policies.

Spring Holiday Scams

  With the Easter and Passover holidays approaching, it is important to be wary of holiday-related scams.   Some of the most commonly seen scams include: Electronic “greeting card” software

Tax Season Scams CyberSecurity

Phishing Caution During Tax Time

  With tax season upon us, it is wise to be on guard for phishing and other attacks that can make it easy for others to assume your identity. Phishing,

Updated CyberSecurity Best Practices for Energy, Industrial, & Healthcare Networks

CIS and NIST recently updated their critical security controls and framework. The critical security controls and framework make us CyberSecuirty and Network Mangement Best Practices.   Cybersecurity breaches into energy, industrial,

[Webinar] A Team-Based Approach to CyberSecurity

  A Team-Based Approach to CyberSecurity: C-Level Executives, General Counsel, and Decision Makers – Security Challenges   CyberSecurity breaches mean big losses for companies, including headlines that drive away customers,