Program Assessment, Development, Staffing, & Education
Enterprise Security Assessment
Provides a security assessment and a method of keeping the assessment continuously current improving security agility and making resource planning easier by smoothing the work across the year.
- Comprehensive evaluation of risks and vulnerabilities to the confidentiality, integrity, and availability of your health entities PII, PHI and ePHI
- Identify gaps and safeguards that address compliance and provide next-generation risk reduction capability
- Align with enterprise imperatives, addressing policies that flow up to strategy and down to support controls
- Develop a maturity road-map to manage success and objectively evaluate risk
- Review technology effectiveness, personnel capability, physical and administrative controls
Program Assessment, Development, Staffing, & Education
405(d) Assessment
Assess healthcare organizations ability to accelerate a prescriptive and targeted approach to the five biggest risks in healthcare, the 10 leading practices, and the 23 control surfaces that maximize your investments in security capability and maturity. First Health advisors are experts on HICP 405(d) practices and benefits.
- The BIG 5: Accelerate cyber threat action and capability targeting;
- Ransomware
- Loss or Theft of Equipment or Data
- Insider, Accidental, or Intentional Data Loss
- Attacks Against Medical Devices
- Social Engineering
- Start Now to Reduce Risk: The 10 Leading Practices
- Email and Endpoint Protection Systems
- Access Management and IT Asset Management
- Data Protection and Loss Prevention
- Network and Vulnerability Management
- Incident Response
- Medical Device Security
- Cyber Policies
- Map findings and requirements to the controls that result in the biggest risk impacts
Program Assessment, Development, Staffing, & Education
3rd Party Risk (Supply Chain) Assessment
Helps healthcare organizations manage vendor security risks by providing a tool to be aware of and manage vendor security risks assessments for the companies that healthcare organizations buy products and services from.
- Assess: review current 3rd party (vendor/supply chain) risk process, develop recommendations, and craft plan for program capability and maturity
- Identify and prioritize critical vendors based on enterprise impact
- Assess risk to enterprise related to 3rd part interaction or relationship
- Risk education to key stakeholders
- Continuous monitoring capability
- Explore efficiency in assessment and automation
- Program support requirements: Determine on-going technology, personnel, and policy requirements
- Scalable managed services enablement based on key findings and requirements
Program Assessment, Development, Staffing, & Education
Cloud Security Assessment
Address a broad market need in understanding how to manage cloud security in Microsoft Azure and AWS environments. Identifies current risks and provides a roadmap to a standard model and framework.
- Review regulatory requirements from a technical perspective and a healthcare standard perspective (NIST, CSA)
- Understand best practice for CSP’s as they support your digital health environment
- Assess your cloud security program and current state deployments across the enterprise
- Refine roles and responsibilities for cloud security to build a program road-map
- Assess 3rd vendors utilizing cloud based platforms
Program Assessment, Development, Staffing, & Education
MS 365 Platform & Security Assessment & Services
Addresses a need for specialized security & leading practices knowledge for MS365. Identifies gaps in security, configuration, practices, operations, and provides remediation and roadmap services against CIS benchmarks for better business risk decisions related to the platform.
Program Assessment, Development, Staffing, & Education
AWS Platform & Security Assessment & Services
Addresses a need for specialized security & leading practices knowledge for AWS. Identifies gaps in security, configuration, practices, operations, and provides remediation and roadmap services against CIS benchmarks for better business risk decisions related to the platform.
Program Assessment, Development, Staffing, & Education
Ransomware Prevention & Recovery Assessment
Addresses a prevalent and highly publicized type of security incident. Identifies the most critical gaps/risks and mitigation recommendations
Program Assessment, Development, Staffing, & Education
Disaster Recovery Assessment
Addresses a universal need to understand security posture and readiness to recover from a disaster. Service includes an assessment of and a roadmap of recommendations for staff, systems, and structure to accomplish desired recovery objectives.
Program Assessment, Development, Staffing, & Education
M&A Target Entity Assessment
Provides specialized knowledge and processes that are irregularly or infrequently needed and therefore not maintained in-house. The assessment identifies the target’s current security posture enabling the purchasing organization to contract and price appropriately pre-purchase, and to plan remediations post-purchase.
Program Assessment, Development, Staffing, & Education
Cyber Insurance Renewal & Readiness Assessment
Cyber insurance policies are quickly becoming more difficult to obtain, rates are higher, and premiums are inadequate for the risks assumed. First Health knows what carriers are asking for and what you need to do to prepare for policy renewal. Our policy experts work with your team to position your organization for the best outcomes and coverage based on your requirements.
Program Assessment, Development, Staffing, & Education
Fractional vCISO Services
Provides CISO-quality support and expertise for organizations unable to budget for or recruit a full time CISO
Program Assessment, Development, Staffing, & Education
CISO Strategy & Support
Provides support to busy CISO or CISO with specialized knowledge not in house
Platforms Selection, Implementation, Integration, & Staffing
Advanced Threat Protection Platforms & Services
Full range of services for CrowdStrike – Standard, Premium, Complete
Only staff augmentation for other applications
Platforms Selection, Implementation, Integration, & Staffing
Threat Prevention & Recovery Solutions
Full range of services for Virsec – x86/x64 Windows Server Threat Prevention
Platforms Selection, Implementation, Integration, & Staffing
Vulnerability Management Platforms & Services
Full range of services for Tenable.io & Tenable.sc
Only staff augmentation for other applications
Strategic Services
Managed SIEM (Security Incident & Event Management)
Cloud Managed SEIM – Program Management & Engineering Implementation Services
Strategic Services
Managed SOC (Security Operations Center)
Cloud Managed Security Operations Center (SOC) focused on security incident monitoring & alerting services
Strategic Services
Managed NOC (Network Operations Center)
Network Operations Center (Business Hours and 24×7) focused on operational monitoring and alerting for enterprise IT infrastructure services and solutions.
Strategic Services
Managed IT Services
Full, Functional, and Staff Aug Managed IT Services in support of customer’s products and services
Strategic Services
URGENT Incident Management & Response
Emergency Incident Response Services focused on providing incident management, response, and remediation of security incidents.
Strategic Services
Incident Recovery Services
Rounding out the full compliment of security services and solutions will be a recovery service we can provide to customers managing their recovery efforts.
Strategic Services
Penetration Testing
Provides External and Internal Penetration Testing services and reports to go along with our Security Risk Assessment services.
