The digitization of almost every aspect of business, combined with the increased connectivity of people, devices, and organizations, has created a complex security landscape, leaving enterprises vulnerable to cyber risk.
Whether you’re researching a new market or optimizing your systems to comply with complex regulation, collecting and analyzing data is mission critical. In our digital and increasingly borderless world, companies also need sophisticated strategies and tools to find information, detect violations, uncover evidence, and comply with regulations.
Safeguarding computer-related intellectual property (IP)—patents, trade secrets and copyrights—is a strategic priority for businesses that depend on the development and monetization of information. But in a digital and connected world, IP misappropriation is rampant.
In our digital and increasingly borderless world, companies need sophisticated strategies and tools to cost-effectively uncover evidence and comply with litigation-related discovery and disclosure requirements. In this environment, the risks of a breakdown are ever-present and come with major implications.
Cyber attacks can devastate an organization’s financial and reputational health very rapidly. Cyber risks must therefore be approached with constant vigilance and attention. Identifying and addressing cybersecurity vulnerabilities is a critical requirement for every company. Cyber risk is increasingly on the radar of boards and senior leadership as part of the discharge of their duties. And, it’s top of mind for many governments and regulators worldwide. A holistic, integrated and interdisciplinary approach that includes proactive planning to improve cybersecurity posture is essential.
Cyber resilience is an organization’s ability to prepare for and defend against business disruption caused by cyber attacks, including the capacity to detect intrusions, operate during and recover from disruptions, and adapt and grow from each attack.
Our approach takes a 360-degree view of cyber risk, supported by rigorous analytics. We start by conducting an independent assessment to understand the current state of an organization’s physical and data security posture, and prioritize risks by:
Selecting an appropriate security standard (NIST, HIPAA, ISO, PCI, Safeguards Rule, etc.)
Prioritizing a company’s “crown jewels” – their most valuable data and intellectual property
Prioritizing the motives of potential attackers
Analyzing vulnerabilities relative to current threat intelligence
Developing and prioritizing risk scenarios based on likely attack vectors and the method of operation of attackers across industry
We then recommend solutions to company leadership – ranging from CIOs and CISOs to members of senior leadership and the board – that align with an organization’s business objectives, both protecting and propelling the enterprise forward. This is not a routine check-the-box compliance exercise – we help companies identify their most significant cybersecurity gaps, providing expert insight into how best to close them, decreasing the possibility of a breach.
Our work doesn’t end with making recommendations. We implement our strategy and continuously improve defenses by helping companies judiciously apply available budget to people, process and technology investments. We can also monitor digital assets and real-time threats, with the integrated ability to activate our cyber response team when needed.
Our capabilities include:
Incident Readiness Assessment
Comprehensive Risk Assessment via Interviews and Automated Tools
Rocco Grillo is an Executive Managing Director who serves on Stroz Friedberg’s executive management team. He is also in charge of the firm’s Cyber Resilience business, which includes the company’s incident responders and security scientists who deliver the firm’s proactive and reactive cybersecurity capabilities. Mr. Grillo regularly advises clients, including boards and executive management, on a range of cybersecurity issues across all industries.
In this role, Mr. Grillo is responsible ...
As Vice President in Stroz Friedberg’s Security Science practice, George G. McBride assists clients in proactively managing information security and privacy risks. With almost twenty years of information security experience, Mr. McBride brings a balanced technical and business perspective to aid organizations in managing a spectrum of physical and operational risks.
Prior to joining Stroz Friedberg, Mr. McBride was the Information Security Officer for Johnson & Johnson’s Information ...
James M. Aquilina is the Senior Executive Managing Director of the firm and a member of the Stroz Friedberg Executive Management team, and he leads the firm’s global Digital Forensics practice. He supervises numerous digital forensic, Internet investigative and electronic discovery assignments for government agencies, major law firms, and corporate management and information systems departments in criminal, civil, regulatory and internal corporate matters, including matters involving data breach, ...