Advanced Cybersecurity Agreement
Thanks for meeting with us!
Cybersecurity Program
Oftentimes, organizations have defined the cybersecurity problem as too complex, too technical, and too expensive.
Our charter is to help organizations stay secure, confident, and compliant. We uplift your team, safeguard your operation, and proactively mitigate risks to prevent disruptions—from both incidents and regulatory requirements.
Our mission is to be a world-class cybersecurity relationship provider.
Advanced Cybersecurity Services
What is success from an IT program?
IT Plan
Tech Stack/Alignment
Happy End Users
Executive Alignment
Operational Alignment
Fiscal Alignment
Business Productivity
What is success from a Cybersecurity program?
Game Plan
Security Stack / Alignment
Establish Compliance
Maintain Compliance
Reduce Risk
Increase Uptime
Reduce Number of Incidents
Reduce Severity of Incidents
Business Continuity
Let's play a game
Advanced Cybersecurity
Key components of effective security
People
- Champion
- Eliminate Assumptions
- Detect
- Respond
Processes
- Alignment
- Rhythm
- Remediation
- Practice
Tools
- EDR
- MDR
- SIEM
- Vulnerability
Outcomes
- Confidence
- Reduced Cost
- Readiness
- Uptime
- Avoid BOOM
- Stakeholder Confidence
Key People
vCISO
Executive level - Oversees outcomes - Point of contact
Security Operations Center
Operations level - Responds to events - "Eye in the sky"
Security Alignment Manager
Manager level - Establishes baselines - Identifies gaps
3rd Parties (Regulated Environment)
Government Assessors
3rd Party Examiners
Key Processes
Process & Purpose
Standards Alignments
Select a security ‘guiding light’, measure ourselves against it, identify gaps, put next steps into place.
Executive meetings
Provide clarity to leadership about our security posture, progress, timelines, obstacles, and then set next steps.
Policy review / updates
Security policy must be established and revisited for effectiveness.
Readiness Testing
Test our assumptions, adjust plans as needed.
Disaster Recovery
Incident Response
Vulnerability Management
Regularly check for the ‘latest greatest’ risks, remediate issues found.
Plan of action
Centralize works in progress and their status. Provide confidence to leadership.
Key Tools
Tool & Purpose
Endpoint Detection and Response (EDR)
Protection for the endpoint (PCs, Servers). Alerts on malicious activity, informs the security team. Takes automated containment actions.
Security Information and Event Management (SIEM)
Aggregates logs from available sources into a central location for AI and manual review.
- Endpoints
- Servers
- Microsoft Tenant
- Network equipment if supported
Security Orchestration Automation and Response (SOAR)
Identifies high-confidence threats and takes automated action.
Example: on a token replay attack or impossible travel, lock the account, send alerts, and require a password reset.
Managed Detection and Response (MDR)
The ability to be aware of and respond to threats identified by various tools and mechanisms.
3rd party patching
Keeps common software updated to reduce attack surface.
Vulnerability Scanner
Regularly check for the ‘latest greatest’ risks in the managed environment.
Key Functions
Outcomes
- Aligned with security standards (internally and supply chain)
- Increased uptime
- Executive confidence
- Ability to detect and respond
- Alignment with company goals
- Reduced anxiety
- Reduced insurance costs
- Compliance with regulations
- Support during audits
- Significantly reduced likelihood of severe incident
- Overall lower cost vs a 100% internal resource strategy
Rhythm of a Security Program
- Vulnerability Scan
- Plan of action update
- Technology vision/planning
- Security Steering

- Vulnerability Scan
- Plan of action update
- DR tabletop
- DR plan update
- Security Steering

- Vulnerability Scan
- Plan of action update
- DR tabletop
- DR plan update
- Security Steering

- Vulnerability Scan
- Plan of action update
- IR tabletop
- IR plan update
- Security Steering
Monthly
SAM
- Alignment Sessions
- Vulnerability Remediation
vCISO
- Incident Response
- Q&A and other misc. items
- Check-ins
- Reporting
Daily
- Incident Response
- Threat Intelligence
- Monitoring
Advanced Cyber Services
What is included within an Advanced Security Agreement?
Endpoint (PCs, Servers, and Macs) Detection and Response (EDR)
- Deploy EDR
- Configuration of EDR
- Monitoring of EDR
Desktop Application Patch Management
- Automatic updating of desktop applications supported by Desktop Application Patch Management software.
SOC Response Desk
- Remote resolution of events during First Call's operating hours either on a T&M or Fixed Price basis. The billing approach is dependent on other IT Services agreements with First Call.
- Support for reporting as required for compliance or regulatory needs
Security Information and Event Management (SIEM) / Security Operations Center (SOC) / Managed Detection and Response (MDR)
- Configuration of devices for SIEM log storage.
- Automatic collection of logs from devices configured to use the SIEM.
- See quote for log retention duration details.
Remote Monitoring & Alerting (8×5 or 24×7)
- Monitoring of security events for devices connected to the SIEM.
- Response to generated alerts based on severity.
- Alerting in accordance with customer provided incident response plan.
Security Alignment Manager (SAM)
- Pre-scheduled SAM sessions
- IT security standards auditing
- Proactive alignment with standards
- Risk reduction
- Security steering input
3rd Party IT Audit Participation
- Virtual Chief Information Security Officer (vCISO) audit participation.
- vCISO review and recommendations upon audit conclusion.
*Up to 4 audits per year
Virtual Chief Information Security Officer (vCISO)
- Cybersecurity Steering Meetings
- Onboarding
- Other advice, budgeting, solution quotes
- Completion of vendor due diligence package requests from 3rd parties for First Call or any of its vendors.
What Is A vCISO?
First Call’s Virtual Chief Information Security Officers are our senior executives responsible for managing the overall security of our clients’ information systems and data. Their primary role is to ensure that the organization’s information and data are protected from cyber threats.
Key Responsibilities Of A vCISO:
- Developing and implementing an overall cybersecurity strategy and roadmap for the organization.
- Overseeing the development and implementation of cybersecurity policies, procedures, and guidelines.
- Identifying and mitigating security risks and vulnerabilities in the organization’s information systems and networks.
- Managing the organization’s response to cybersecurity incidents and breaches.
- Overseeing the selection and implementation of cybersecurity technologies, such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems.
- Ensuring that employees are trained on cybersecurity best practices and are aware of their responsibilities in maintaining the security of the organization’s information and data.
- Collaborating with other stakeholders, such as the owners or executives, to ensure that cybersecurity is integrated into the organization's overall strategy.
Our vCISOs play a critical role in ensuring the confidentiality, integrity and availability of an organization’s information and data. As cyber threats continue to evolve and become more sophisticated, the role of the vCISO becomes increasingly important in protecting an organization’s critical assets from cyber attacks.
What Is A Security Alignment Manager (SAM)?
Think of a SAM like an auditor. They regularly review your IT assets against cybersecurity standards: finding the gaps, improving documentation, and proactively reviewing the environment to reduce risk and to improve standards alignment, documentation, and proof for all involved.
This role involves understanding the organization’s devices, applications, networks, data, and users to ensure that the appropriate cybersecurity measures are in place to protect them.
First Call’s SAM plays a critical role in ensuring that an organization’s cybersecurity program is aligned with its overall business strategy and is designed to protect its critical assets from cyber threats.
Key Responsibilities of a Security Alignment Manager:
What Is a SOC Engineer?
Security Operations Center Engineers are the eyes in the sky, leveraging tools and processes to prevent attacks, detect, mitigate, respond, and recover. They operate during business hours and after hours, depending on the agreement type.
First Call has two types of SOC Engineers:
- In-house
- 3rd Party (American-based) for 24/7/365 coverage.
Our SOC teams work together, leveraging the same tools and processes to drive business continuity in real time.
Better Services
How do the fees work?
Onboarding
First Call charges an onboarding fee that is based on the monthly recurring agreement. This is charged upfront and must be paid before work begins.
Recurring
The agreement is billed monthly at the beginning of the month. Credit card, e-check or ACH payment is required.
What are the basic terms of the agreement?
36-month contract
Choosing A Cybersecurity Partner
We hope the time spent and information provided has been helpful so far. We want a successful long-term relationship and to build a program, not provide one-off preventative or recovery services. We understand that choosing the right cybersecurity partner can be a crucial decision for your organization. It involves entrusting a third party with protecting your sensitive information and critical assets from cyber threats.
First Call has:
- Expertise and Experience
- Certifications
- Complete Range of Services
- Program
- Assessments
- GRC
- Professional Services
- Strong working relationships with regulators and examiners.
- Cost effectiveness