Cyber attacks can devastate an organization’s financial and reputational health very rapidly. Cyber risks must therefore be approached with constant vigilance and attention. Identifying and addressing cybersecurity vulnerabilities is a critical requirement for every company. Cyber risk is increasingly on the radar of boards and senior leadership as part of the discharge of their duties, and it is top of mind for many governments and regulators worldwide. A holistic, integrated and interdisciplinary approach that includes proactive planning to improve cybersecurity posture is essential.
Cyber resilience is an organization’s ability to prepare for and defend against business disruption caused by cyber attacks, including the capacity to detect intrusions, operate during and recover from disruptions, and adapt and grow from each attack.
Our approach takes a 360-degree view of cyber risk, supported by rigorous analytics. We start by conducting an independent assessment to understand the current state of an organization’s physical and data security posture, and prioritize risks by:
Selecting an appropriate security standard (NIST, HIPAA, ISO, PCI, Safeguards Rule, etc.)
Prioritizing a company’s “crown jewels” – its most valuable data and intellectual property
Prioritizing the motives of potential attackers
Analyzing vulnerabilities relative to current threat intelligence
Developing and prioritizing risk scenarios based on likely attack vectors and the method of operation of attackers across industry
We then recommend solutions to company leadership – ranging from CIOs and CISOs to members of senior leadership and the board – that align with an organization’s business objectives, both protecting and propelling the enterprise forward. This is not a routine check-the-box compliance exercise – we help companies identify their most significant cybersecurity gaps, providing expert insight into how best to close them, decreasing the possibility of a breach.
Our work doesn’t end with making recommendations. We implement our strategy and continuously improve defenses by helping companies judiciously apply available budget to people, process and technology investments. We can also monitor digital assets and real-time threats, with the integrated ability to activate our cyber response team when needed.
Our capabilities include:
Incident Readiness Assessment
Comprehensive Risk Assessment via Interviews and Automated Tools
Rocco Grillo is an Executive Managing Director serving on Stroz Friedberg’s executive management team. In this role, Mr. Grillo is responsible for the oversight and supervision of the firm’s global Cyber Resilience business, which includes the teams that perform cybersecurity, incident response investigation, red team penetration testing, and application security services. He serves as a trusted advisor to clients, including boards and executive management teams, on a broad range of ...
James M. Aquilina is the Senior Executive Managing Director of the firm, a member of the Stroz Friedberg Executive Management team and leads the firm’s global Digital Forensics practice. He supervises numerous digital forensic, Internet investigative and electronic discovery assignments for government agencies, major law firms, and corporate management and information systems departments in criminal, civil, regulatory and internal corporate matters, including matters involving data breach, ...