Every week there is a new headline about a cyber event – in the news and social media. These attacks on the technology infrastructure of organizations cost billions in repairs, lost business, and reputational damage. The target may be money or data – or both.

Regulators – concerned about the danger posed to clients, firms, and the broader economy – are weighing in with new cyber risk rules and frameworks at both national and local levels. This means cyber risk is no longer the sole realm of the IT department. Risk and compliance teams must step up to the challenge.

Cordium helps organizations manage the risks they face through their use of technology and of third parties. Cyber risk is now part of normal regulatory compliance – from data protection rules to third-party relationship requirements.

Private equity organizations also need a better understanding of the cyber risks inherent in the companies they invest in. These companies may span a wide range of industries and face many different kinds of cyber threats.

Cordium’s team of experts can assist organizations in a number of different ways:

Vendor Risk Management

  • Vendor Selection
  • Vendor Ranking
  • Due Diligence
  • Contracts
  • Performance review
  • SSAE 16/18 Review

SDLC Assessment

  • Application Policy
  • Application Standards
  • Code Review
  • Application Security

Virtual CISO

  • Mock Regulatory Exam
  • Incident Response
  • Cyber Resiliency
  • Ongoing Support
  • Strategic Plans
  • Awareness Training

Policy Review & Development

  • Security Program
  • Security Policy
  • Security Procedures
  • Security Standards
  • NIST Cybersecurity Framework

Cybersecurity Assessment

  • Cyber Assessment Tool
  • Inherent Risk
  • Maturity Level
  • Pen Testing
  • Phishing
  • Vulnerability Scan
  • FFIEC, NYDFS, SEC Assessments
  • GDPR Readiness

NYDFS Factsheet

Cordium has developed practical, cost-effective approaches to establishing and maintaining cybersecurity programs designed to protect consumers and ensure the safety of New York State’s financial services industry.

GDPR Factsheet

Cordium offers GDPR compliance consultation services that combine our cyber and information security expertise to assist firms with selecting the appropriate GDPR Compliance and Data Privacy Management Platform.

PROJECT-BASED SERVICES

Cordium helps organizations better understand their cyber risks and vulnerabilities, and develop a practical and achievable Cybersecurity Strategic Plan to mitigate them.

Cybersecurity Risk Assessment

Cyber risks, threats, and potential impacts are assessed through interviews with the key leadership team – either individually or in a workshop. The organization’s information security policies are reviewed against the NIST Cybersecurity Framework, applicable regulatory requirements, and leading practices.

Cybersecurity Controls Analysis

Through IT staff interviews and workshops, Cordium assesses cybersecurity controls governance, implemented technologies, and reporting metrics. Information security policies, standards, and procedures are reviewed against applicable regulatory requirements, the NIST Cybersecurity Framework, and leading practices. Cordium then provides recommendations to close control gaps, improve control maturity, and mitigate risks.

Cybersecurity Strategic Planning

Cordium and the organization together create or revise the Cybersecurity Strategic Plan, aligning cybersecurity initiatives with the identified cyber risks, threats, and vulnerabilities. Decisions on which risks to mitigate and which to accept follow a risk-based approach.

PRIVATE EQUITY SERVICES

Cordium’s experts will assess the cyber risk programs of private equity portfolio companies and provide a report for the investment portfolio.

Portfolio Company Cyber Risk Assessment
Cordium reviews each portfolio company’s information security policies and conducts IT staff interviews to identify sector-specific inherent cyber risks. Cordium then provides the private equity group a report on the cybersecurity risks within the investment portfolio. A standard method to measure and report on each portfolio company’s cybersecurity risks and program design is also included.

Cybersecurity Program Design Analysis
Cordium will assess each portfolio company’s cybersecurity program design and documented information security policies. The team of experts will review each set of policies against applicable regulatory requirements, as well as the NIST Cybersecurity Framework and leading practices.

Portfolio Company Cyber Risk Report
Cordium will report on the inherent cyber risks and cybersecurity program design for each portfolio company, as well as on the weighted cyber risks across the investment portfolio. Cordium will provide each portfolio company with recommendations to improve their cybersecurity preparedness.
