PCN’s Governance, Risk, and Compliance Security Services help organizations develop scalable programs that improve their security posture and provide assurance that risk is being managed according to policy. Our assessment, advisory and assurance services help you protect your organization’s critical assets by averting threats, closing gaps and effectively managing risk.

  • Governance Services
  • Risk Management Services
  • Compliance Services


Governance Services:

PCN works with customers to baseline current practices and makes recommendations to mature and strengthen IT cybersecurity governance and oversight. We also plan and support customer implementations of security programs and provide training to roll out effective governance throughout their organizations.

Governance Services Include:

  • IT Service Management (ITSM)
  • Policy Development and Implementation
  • Asset Management
  • Disaster Recovery/Business Continuity
  • Change Management
  • Configuration Management
  • Cloud Security


Risk Management Services:

PCN works with customers to perform meaningful risk assessments and implement vulnerability management programs foundational to enterprise risk management. PCN assesses customers’ information security posture using national and international accredited frameworks and standardization models. We work with customers to categorize information systems and the information within those systems based on risk and impact. PCN evaluates customers’ vulnerability management programs and provides guidance and implementation of systematic vulnerability identification, analysis, remediation, control, tracking, and reporting, in addition to vulnerability scanning and penetration testing.

Risk Assessment Services Include:

  • Risk Assessment/Gap Analysis
  • Operational & Technical Security Evaluation
  • Security Program Assessment

Vulnerability Management Services Include:

  • Vulnerability Program Evaluation and Implementation
  • Vulnerability Scanning

Penetration Testing Services Include:

  • Web Application Penetration Testing
  • API Penetration Testing
  • Mobile Application Penetration Testing
  • External Network Penetration Testing
  • Internal Network Penetration Testing

Compliance Services:

PCN defines consistent and integrated methodologies for security design, development, and implementation according to business objectives, regulations, and compliance. PCN educates and trains customers so they not only understand, but also can implement and maintain compliance requirements for various frameworks and regulatory requirements.

Frameworks

  • NIST 800-53v4
  • ISO27001
  • CoBIT
  • FISMA/FedRAMP

 Regulatory Compliances

  • Federal Regulations – FTI 1025, C
  • Payment Card Industry (PCI) – Data Security Standard (DSS)
  • Health Information Portability and Accountability Act (HIPAA)
  • Sarbanes Oxley (SOx)

Contact us for more information about our GRC Security Services.