Security Training and Compliance Documentation

Security Documentation & Training Services

Our highly experienced and certified security engineers, white hats, and compliance (C&A) policy specialists provide technical documentation and training that maps in detail to each of the frameworks shown below.

  • Corporates: FTC, NIST, ISO, COBIT, SANS, OWASP
  • Finance-specific: SEC, NFA, CFTC, FFIEC, NYDFS
  • Healthcare-specific: HIPAA / HITECH

Training Services
On-site Training & Hacking Demonstrations
To add greater value for your organization, each training team comprises a cross-functional set of instructors: at least one certified information security policy expert (CISSP) and a combination of cyber forensics technicians and penetration testers (SANS-certified white hats), each of whom has extensive experience anticipating and mitigating real-world threats and attacks.

Our interactive training is highly engaging and includes a demonstration of one or more common network attacks relevant to your environment. Our specialists can speak directly to the tactics employed by attackers today and will adapt their focus based on your firm’s infrastructure and operating environment.

The video below focuses on a very common form of attack, known as ‘spear phishing,’ and is an example of our cyber team’s technical and training expertise.

Video: NES Cyber Training Demo – SpearPhishing

Customized Security Training
In addition to cybersecurity training for employees, we offer the following custom training services:

  • Senior management-focused and board-focused training
  • IT Admin-focused advanced training
  • Compliance and CISO-focused training
  • Training verification for 3rd parties (to comply with the SEC cyber requirements)
  • Periodic (quarterly or event-driven) ‘phishing’ simulations to assess employee readiness
  • Periodic (quarterly or event-driven) ‘spear phishing’ or ‘whaling’ simulations to assess the readiness of senior management, Compliance and other C-level officers, IT Admins, etc.

Documentation Services
What Sets Us Apart
As with our Training services, our Documentation services differ from those of many 3rd parties in that our documentation specialists carry deep certifications and have hands-on experience in both the technical and security aspects of the latest regulatory guidelines. They understand the intent and the details behind the security regulations, and they have the experience and judgment, for example, to interpret and verify critical data provided by your in-house IT staff and 3rd party vendors.

Custom Solutions
We also tailor our documentation services to meet your company’s needs. Rather than hand you a bunch of forms to fill out on your own, we provide a template for each policy or plan that you might need, and then we work with your compliance representative, your IT staff, and your 3rd parties (as needed) to customize and complete the documentation for you. Once we complete this process, which typically takes about a week, we hand-deliver the documentation to you (hard copy only), walk you through it, and then revise and re-deliver it to you.

Periodic (Quarterly or Event-driven) Documentation Updates
We provide quarterly or event-driven updates to all of our documentation as an additional subscription service.

Examples of Documentation (Policies and Procedures)
The following table provides an example of the range of documentation that we provide to our clients, and of the manner in which we carefully map our documentation to the relevant regulatory guidance (in this case, the SEC’s 2015 cybersecurity guidance to investment advisors).

CYBER -Policy2-01