What we do

Stratuspeer’s cyber security practice has one single objective – to deliver the most efficient and prudent cyber security program, one which maximizes the operational impact at the most appropriate price point. From the early days of Stratuspeer, we recognized the trend for cyber security to become intricately woven into companies’ operational fabric and into every business and application development conversation. No longer isolated and siloed, a security function needs to be informed by, and knowledgeable of, every aspect of what makes up a modern business.

The following are the guiding principles behind Stratuspeer’s cyber security approach:

  • Focus on making an operational impact that adds value to the business, as measured by ROI, rather than adding carrying costs.

  • Integration of the security function into every aspect and conversation of the business.

  • While our cyber consultants are skilled cyber experts, they all possess unique knowledge of industries they consult for, making their cyber knowledge highly relevant, applicable and immediately impactful.

  • A pragmatic approach helps Stratuspeer build security programs that are balanced, avoid waste, and deliver optimal cyber performance and protection.

  • Given the unprecedented rate of change in the security landscape, cyber portfolio management is an ongoing task which requires a regular, disciplined monitoring cadence.

  • Simplification of the cyber approach is the key objective that allows for agile changes in response to rapidly emerging threats.


Security assessments - framework / compliance driven

Security risk assessments rely on a number of cyber security frameworks and compliance standards as a foundation. The baseline is established by selecting an appropriate framework and / or standard and customizing its interpretation for the industry and client. The resulting matrix is uniquely tailored to the client and serves as a starting point for collecting, and mapping, the information on risks, controls, systems, processes, users, data classes, and governance. The delta between requirements and the current state is then determined and translated into a step-by-step remediation plan. Stratuspeer seeks to build a repeatable process that, at the completion of the first engagement, can be performed by the client in part or in whole. Knowledge transfer embedded in the engagement raises the client’s cyber capabilities and ensures that the entire organization advances its cyber skillset.


Compliance assessment

Stratuspeer has performed compliance assessments against most major compliance frameworks, including:

  • ISO 27000

  • NIST CSF

  • NIST 800-171

  • HIPAA

  • HITRUST CSF

  • GDPR

  • PCI

  • DFARS

  • and CMMC

The goal of our compliance services is to design a compliance program which would allow an organization to evolve with the standards while maximizing self-reliance and corporate productivity.