Cybersecurity

Compliance

Dunbar has integrated the latest technologies to help our customers navigate the challenges of cybersecurity and protect the confidentiality of their information. With the number of threats in the digital space growing, the need for compliance and operational transparency has never been greater. As a managed services provider, we help businesses become compliant with all relevant laws, regulations and industry best-practice frameworks.

Center for Internet Security: CIS Controls

Dunbar implements the CIS Controls in our own Security Operations Center and for our clients through our managed security services.

The CIS Controls are a defined set of practices that mitigate the vast majority of an organization's vulnerabilities and the most prevalent cyber-attacks. These guidelines also provide a foundation for meeting additional security standards such as HIPAA, PCI DSS, and ISO/IEC 27002.

HIPAA Security Rule

The Security Standards for the Protection of Electronic Protected Health Information (e-PHI) exist to maintain the confidentiality, integrity and availability of data that is held or transferred in electronic form. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.

Dunbar addresses HIPAA security through:

Managed Security Services:

  • Log Management (SIEM)
  • Intrusion Detection (IDS)
  • Vulnerability Scanning
  • Firewall Management

Security Tools:

  • Web Application Firewall (WAF)
  • Unified Threat Management (UTM)
  • Encryption

Professional Services:

  • Penetration Testing
  • Security Systems
  • Protective Services


PCI DSS Requirements

The Payment Card Industry Security Standards Council sets minimum requirements for protecting credit card account data, mitigating risk and ensuring that security controls are properly implemented. The Payment Card Industry Data Security Standard (PCI DSS) safeguards cardholder transactions and maintains security when storing, processing and transmitting cardholder data.

Dunbar addresses PCI DSS Requirements via:

Continuous Threat Monitoring

Dunbar provides intrusion detection, prevention and vulnerability scanning to fulfill specific compliance and reporting requirements. Dunbar’s 24/7 Security Operations Center (SOC) is staffed by experienced, certified professionals to ensure that key controls relevant to a broad range of compliance mandates are met.

Log Management & Review

Log management collects and normalizes log data from the entire IT infrastructure and presents it through an intuitive web interface. Our review service adds daily reporting by security analysts with an eye for detail and a talent for finding the meaning in vast amounts of log data. Security Information and Event Management (SIEM) solutions provide real-time analysis, logging and reporting of security alerts generated by network hardware and applications.

Web Application Firewall

A Web Application Firewall (WAF) blocks web application attacks with a combination of signature-based detection and application behavior profiling, stopping unauthorized activity before an attack compromises the application. Dunbar provides 24/7 monitoring and incident escalation along with ongoing WAF tuning and management.


NIST 800-171

NIST 800-171 is published by the National Institute of Standards and Technology (NIST) to ensure that federal controlled unclassified information (CUI) is protected when processed, stored, and used in non-federal information systems and organizations.

Dunbar satisfies the 14 families of security requirements outlined in NIST 800-171:

  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity

ISO/IEC 27002

ISO/IEC 27002 is a set of best-practice recommendations from the International Organization for Standardization (ISO) for information security management, covering the selection, implementation and maintenance of controls within an information security management system (ISMS).

Organizations use the ISO/IEC 27002 guidelines to:

  • Select controls within the process of implementing an ISMS based on ISO/IEC 27001;
  • Implement commonly accepted information security controls;
  • Develop their own information security management guidelines.

FFIEC

The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body that advocates for uniform principles, standards and report forms in support of established financial institutions.

In recent years, the FFIEC has taken steps to raise cybersecurity awareness with respect to third-party service providers. In June 2013, the FFIEC announced the creation of the “Cybersecurity and Critical Infrastructure Working Group” to enhance communication, increase readiness and identify gaps in examination procedures, strengthening the oversight of cybersecurity.
