Scott Roe, President, CEO & ChairmanEnterprise security can only be as strong as its weakest link; even a single vulnerable point could snowball into a major threat, putting countless datasets and systems at risk. For this very reason, enterprises are looking at obtaining predictable results regarding risk exposure, since reactive solutions such as security patch management alone cannot handle the threats. Corporate Risk Solutions Inc., (CRSI)—a premier security consulting organization takes a more proactive approach by enabling its clients to maneuver the challenges through a comprehensive strategy that encompasses physical and cybersecurity. “We consider physical security and cybersecurity as two sides of the same coin, as assets pertaining to the latter are guarded by the former,” states Scott Roe, CRSI’s President, CEO and Chairman.
CRSI works under the Culture of Compliance (CoC) framework that includes all stakeholders of a client— the employees, leadership, partners, and customers—for spreading awareness on phishing attacks and potential internal threat vectors. Patrick Shore, director, sales and marketing at CRSI, says that CoC focuses on five “lenses,” namely preventive, detective, corrective, collaborative, and innovative, to secure an organization’s physical and cyberenvironment.
When it comes to safeguarding physical assets like Bulk Electric System (BES) cybersystems, CSRI develops appropriate security plans and strategies where they take into account all the key performance indicators that would positively impact the implementation for the client. The physical security assessment tool developed by CSRI can mine historical threat data, and monitor the facilities round-the-clock to report on potential threats.
Meanwhile, the process of implementing a cybersecurity solution begins with the Cyber Vulnerability Assessment (CVA) that assesses the impact on networks, and the results help in building appropriate firewalls for the network traffic. Following this, secure firewall access points, VPN tunnels for connectivity, jumphost, encryption, and monitoring of data at rest and transit are provided. Further, web content filtering and blacklisting of malicious websites are incorporated as well.
We consider physical security and cybersecurity as two sides of the same coin, as assets pertaining to the latter are guarded by the former
Roe emphasizes that CRSI assists customers through all phases of definition, design, implementation and testing.
CRSI has fortified the security of several enterprises in the energy and utilities sector, earning it the distinction of working with over 250 electric utility companies in the last five years, including one among the top ten in the U.S. Immediately after clearing the security audit process for NERC CIP compliance, one of their clients sought CRSI’s assistance in deploying state-of-art disaster response and recovery solutions. Although, the client’s ecosystem complied with the standards and cleared a rigorous security audit, CRSI identified several loopholes that they hadn’t seen earlier— such as responding to vulnerabilities in the absence of the specific personnel concerned. Currently, CRSI is involved in conducting complex drills to assess the porosity of the client’s network and make recommendations on the usage of new technology for improving backup operations and optimizing the workflow.
As Roe adds, “Security is a constant process, and there is no end to it.” To keep up with the constantly evolving cybersecurity ecosystem, the CRSI workforce undergoes continuous learning to conduct expert advisory programs that prepare customers to take on security challenges head on. Recently, the company has included two additional services to its portfolio, namely strategic whiteboard and strategic roadmap sessions. The whiteboard session is a two-day engagement program where customers are trained to prepare high-level security plans, while the roadmap session focuses on the security frameworks in depth, to develop roadmaps with an optimal budget. CRSI’s future plans include design hardening a secure environment for the data that the Internet of Things IoT will generate, as well as connected vehicles, smart roadways and smart cities.