Upload
lamthu
View
214
Download
0
Embed Size (px)
Citation preview
MSaaS and ARTIS™managed security as a service and assessment of risk & technical infrastructure security services descriptions
Willie Mata, CISM, CRISC, CISA
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
2
The vision of Centre Technologies is easy: to be a leader and transform our industry, help others, create value, and make a difference in the communities in which we work and live.
The Twelve C’s of Centre TechnologiesCommunityImproving that which surrounds us for a better quality of life
CharityGiving back to the communities who have given so much to us
CreativityCrafting an innovative IT solution for your business
CollaborationBrilliant minds working together
CareCaring about you and the success of your business
ClientsThe Centre of our business. Without you, there would be no us
CommunicationAn important key to any successful relationship
CandorCandid feedback to help you grow to the next level
CultureCreating a friendly, close-knit environment
CourageNot being afraid to take innovative technology risk
CharacterHonesty, integrity, drive, and leadership
ConnectionGoing above and beyond to provide that special touch
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
4 5
technology advances rapidly STAY AHEAD OF THE CURVE WITH
centre technologies
INTRODUCTIONOVERVIEWGOVERNANCE ENGINE
BUILD ENGINEASSURE ENGINE 30
18
1086
Tabl
e of
Con
tent
s
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
6 7
INTRODUCTION
INTRODUCTIONManaged Security as a Service (“MSaaS”) and Assessments of Risk and Technical Infrastructure Security (ARTIS™) service offerings provided by Centre Technologies address industry standard service processes and are guided by the ISACA® Business Framework COBIT®5. Centre MSaaS and ARTIS™ Services differ from our Centre Assist™, Hosted & Service Time Agreement (“STA”) offerings in that these services are focused on in-depth management of your Information Security needs with defined service levels, deliverables and milestones with project management from our Centre Premier team and tailored to suit your needs.
MSaaS and ARTIS™ Services address the information security related functions of an enterprise. Our focus is to help organizations raise their information security posture by providing accurate assessments of risk to their technical infrastructure, assessing and/or building supporting documents and procedures, providing guidance and implementation of solutions for gap mitigation. These services are tailored to each organization’s needs, budget and risk tolerance and help maintain IT-related risk at an acceptable level, achieve strategic goals, realize business benefits through smart and innovative use of IT services and technology allowing your organization to optimize costs.
MSaaS and ARTIS™ Services offer compliance support with legal, contractual and external regulations and frameworks such as GLBA, HIPAA, PCI DSS, NERC-CIP, CJIS, ISO/IEC 27001-2:2013, NIST Special Publications, NIST Cybersecurity Framework (CSF), CSA Cloud Controls Matrix (CCM), COBIT®5, etc.
The goal of our Centre’s business relationship with your company is to create value as a partner, not just another reseller. We start all our business relationships by simply listening to your needs and then mapping your organizational needs and our service processes to a series of common Business and IT-related goals. The value we create is threefold:
• MSaaS and ARTIS™ Services are aligned to your business process needs
• MSaaS and ARTIS™ Services help you establish the foundation for internal governance and external governmental compliance and risk mitigation through thoughtful planning, smart technology acquisition and implementation, superior service delivery and support, and continuous real-time monitoring, assessment and assurance.
• MSaaS and ARTIS™ Services free you to concentrate on your business by providing a resilient IT Infrastructure
Organizations often find themselves in need of assistance to realize the value that information services delivery and technology bring to the business. Whether it’s guiding a small business to identify their IT assets and systems while prioritizing what’s most important, to crafting a strategy on how to best derive value from budgets while mitigating risk, to assisting an established IT Shop create a comprehensive Disaster Recovery, Business Continuity with IT Contingency Plan designed to NIST standards tailored to all of their internal or external regulatory compliance needs, MSaaS and ARTIS™ Services can help.
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
8 9
OVERVIEWMSaaS and ARTIS™ Services incorporate our initial IT Infrastructure Assessment and builds upon it tying all of the pieces described below over the course of 12, 24, or 36 months. MSaaS and ARTIS™ Services add structure with defined tasks on a schedule that can be measured and tested through the use of recurring assessments so the customer can be assured of the value our services bring to them.
All organizations are different with some requiring more guidance than others. MSaaS and ARTIS™ Services address IT related goals common to most organizations in the major areas shown above and described in detail below.
We’ll use facts learned from our initial assessment coupled with guidance and tools provided by COBIT® 5 to assess and guide your organization.
MSaaS and ARTIS™ Services are flexible enough so that we can start in any area even omitting some if these areas already exist, all tailored to what the organization needs. Using COBIT®5 tools, we will assess your current procedures and practices and throughout the course of our agreement, perform and deliver services to a pre-defined service level. The services are supervised by an ISACA® Certified Information Security Manager (“CISM”) and supplemented by Centre Premier™ Services.
All along your road to success, we are here providing continuous
guidance and support through proactive measures and
excellent customer service.
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
10 11
GOVERNANCE ENGINE
Governance EngineThis area is designed to offer premiere services and
guidance to help an organization develop governance which lays the foundation for the use of IT resources.
It contains separate processes designed to ensure Governance Framework Setting and Maintenance,
Benefits Delivery, Risk Optimization, Resource Optimization, and Stakeholder Transparency.
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
12 13
ARTI
S™ -
Info
rmat
ion
Secu
rity
Man
agem
ent S
yste
m (I
SMS)
Bui
ld to
NIS
T St
anda
rds TABLE 1
Service Features:
• Assess Risk Management Framework• Scoping and Organizational Context with
Roles and Responsibilities• Security Management Structure - Roles,
Responsibilities, Policies, Procedures and Documentation
• Requirements Analysis• Define Risk Assessment and Treatment
Methodology• Business Impact Analysis with Cost-Benefit
Analysis• Security Controls Gap Analysis• Threat, Vulnerability and Controls Analysis• Risk and Probability Analysis• Risk Scenarios and Risk Heat Map• Asset-Based Risk Assessment• Risk Tolerance Matrix • Risk Assessment and Treatment Report• Continuous Improvement Monitoring and
System Maintenance for repeatability• Management and/or external Periodic
Review• Plan of Action Roadmap using C-Stack™
solutions
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
DID YOU KNOW?“Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government and healthcare sectors.”
~ “ITRC Data Breach Reports – 2015 Year-End Totals” | ITRC
169,000,000+
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Information Security Management System (ISMS) Build to NIST Standards
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
14 15
ARTI
S™ -
Info
rmat
ion
Secu
rity
Man
agem
ent S
yste
m (I
SMS)
Bui
ld to
ISO
/IEC
2700
1 St
anda
rds
TABLE 2Service Features:
• Management commitment• Identify, define and produce required
scoping and organizational context documents
• Management Information Security Policy, Procedures and Documentation
• Information Security Responsibility Roles and Responsibilities
• Requirements Analysis• Define Risk Assessment and Treatment
Methodology• Business Impact Analysis• Security Controls Gap Analysis• Threat, Vulnerability and Controls Analysis• Risk and Probability Analysis• Risk Scenarios and Risk Heat Map• Asset-Based Risk Assessment with Risk
Treatment Plan• Risk Tolerance Matrix • Risk Assessment and Treatment Report• Statement of Applicability for all selected
controls• Management and/or external periodic
review• Produce all ISO/IEC 27001 required
documents• Information Security Council design
for continuous improvement, system maintenance and repeatability
• Plan of Action using C-Stack™ solutions
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Information Security Management System (ISMS) Build to ISO/IEC 27001 Standards
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
16 17
ARTI
S™ -
Com
preh
ensi
ve H
IPAA
WIS
P Bu
ild
TABLE 3Service Features:
• Policy Statement• Overview & Purpose• Scope• Definitions• Data Classification• Policy• Security Management Structure to include
Roles, Responsibilities, Policies, Procedures and Documentation
• Confidential Data Policies• Acceptable Use• Transporting Confidential Data• Secure Destruction of Confidential Data• Travel and Remote Work• Restricted Data• Password Usage• Third Party Supplier• Access Control• Security Awareness Training• Breach Response & Reporting• Sanctions• HIPAA Privacy• Identity Theft Prevention (Red Flags Rule)• Records Management and Retention• Non-Disclosure
• Requirements Analysis• Define Risk Assessment and Treatment
Methodology• Business Impact Analysis• Security Controls Gap Analysis• Threat, Vulnerability and Controls Analysis• Risk and Probability Analysis• Risk Scenarios and Risk Heat Map• Asset-Based Risk Assessment• Risk Tolerance Matrix • Risk Assessment and Treatment Report• Continuous Improvement Monitoring and
System Maintenance for repeatability• Management and/or external Periodic
Review
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC ISMS Build
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Comprehensive HIPAA WISP Build
Centre’s level of professionalism and expertise has enabled them to become our most trusted resource for enterprise solution development and implementation.
~ Chris H., IT Manager
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
18 19
BUILD ENGINE
Build EngineThis area contains services and processes that focus
on the Management of IT Programs and Projects, Requirements Definition, Solutions Identification and
Building, Availability and Capacity, Organizational Change Enablement, Change Management, Change Acceptance
and Testing, Knowledge, Assets, and Configuration.
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
20 21
ARTI
S™ -
Busi
ness
Impa
ct A
naly
sis
TABLE 4Service Features:
• Gap Analysis• Identify critical and supporting assets• Determine asset criticality, impact and value
by department or physical site• Define dependencies & recovery targets,
RPO, RTO, MAO, MTD• Identify, define or confirm backup/restore
methodology• Identify, define or recommend resource
requirements• Identify, define or recommend recovery
priorities• Identify retention/preservation needs• Assess Impact to Organization
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC BIA
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC BIA
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC BIA
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Business Impact Analysis
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
22 23
ARTI
S™ -
Dis
aste
r Rec
over
y Pl
an (D
RP)
TABLE 5Service Features: • Requires prerequisite ARTIS™ - Business
Impact Analysis • Disaster Recovery and Business Continuity
Training• Identify tolerance for downtime• Assess current application set for DR/BC• Identify Triggers for Plan Activation• Activating the Emergency Response Team• Emergency Response Team Responsibilities• Activating the Disaster Recovery Team• Responsibilities of the Disaster Recovery
Team• Responsibilities of the Management Team• Communications• Develop Business Continuity plan based on
application limitation• Implement BC plan• Define Strategy for release of Information• Test BC plan• Develop Disaster Recovery plan based on
application limitation• Implement DR plan• Test DR plan• Schedule periodic DR and BC testing
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
I see Centre Technologies as an extension of my team. Unlike their competitors, they view obstacles from my perspective, and want to help my company get where we need to be.
~ Shannon Srp, Chief Technical Officer, NavyArmy Credit Union
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC DRP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC DRP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC DRP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Disaster Recovery Plan (DRP) (BIA is a Prerequisite)
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
24 25
ARTI
S™ -
Busi
ness
Con
tinui
ty P
lan
(BCP
) to
NIS
T St
anda
rds
TABLE 6Service Features: • Requires prerequisite ARTIS™ - Business
Impact Analysis• Contingency Plan Policy Statement• Conduct an ARTIS™ - Business Impact
Analysis• Identify Preventive Controls• Create Contingency Strategies
• Backup and Recovery• Backup Methods and Offsite Storage• Alternate Site Considerations• Equipment Replacement• Cost Considerations• Roles and Responsibilities
• Plan Testing, Training, and Drills• Plan Maintenance• Contingency Plan Development• Supporting Information• Activation and Notification• Recovery Phase
• Recovery Sequence• Recovery Steps• Recovery Escalation and Notification
• Reconstitution or Return to Normal Phase• Concurrent Processing• Validation Data Testing• Validation Functionality Testing
• Technical Considerations for Siting and High Availability
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC BCP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC BCP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC BCP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Business Continuity Plan (BCP) to NIST Standards (BIA is a Prerequisite)
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
26 27
ARTI
S™ -
Busi
ness
Con
tinui
ty P
lan
(BCP
) to
ISO
223
01:2
012
Stan
dard
s
TABLE 7Service Features:
• Requires prerequisite ARTIS™ - Business Impact Analysis
• Organizational Context• Continuity Requirements• Plan Scope, Policy and Objectives• Business Continuity Roles, Responsibilities
and Authority• BCP Training, Awareness and Competencies• Plan Communications• Document Control and Maintenance• Third Party Contracts and Service Level
Agreements• Methodology, ARTIS™ - Business Impact
Analysis and Results• Methodology, Risk Assessment and Results• Continuity Strategies• Risk Treatment Plan• Continuity Procedures• Risk Treatment Plan• Continuity Procedures• Major Incident Scenarios• Plan Testing and Critique• Monitoring, Measurement and Results• Post Incident Review• Internal Audit and Review by Management• Plan Improvements and Corrections
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC BCP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC BCP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC BCP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Business Continuity Plan (BCP) to ISO 22301:2012 Standards (BIA is a Prerequisite)
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
28 29
ARTI
S™ -
Inci
dent
Res
pons
e Pl
an
TABLE 8Service Features: • Requires prerequisite ARTIS™ - Business
Impact Analysis• Plan Scope• Policy and Objectives• Assumptions and Relationship to other
Policies and Procedures• Plan Updates• Definitions• Incident Prioritization• Concept of Operations• Preparation• Detection• Response Strategy• Containment• Investigation• Remediation• Recovery• Communication• Privacy• Documentation, Tracking and Reporting• Escalation
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
DID YOU KNOW?“As much as 70 percent of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim.”
~ “2015 Data Breach Investigations Report” | Verizon
70%
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC IRP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC IRP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC IRP
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ - Incident Response Plan (Includes DRP & BCP - BIA and RA are Prerequisite)
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
30 31
ASSURE ENGINE
Assure EngineThis last area contains services and processes that help an organization understand how to assure IT services deliver value towards the organizational
needs. These processes focus on Monitoring, Evaluating, and Assessing Performance and
Conformance, the System of Internal Control(s), and External Compliance with standards, procedures, legal, regulatory and contractual requirements.
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
32 33
ARTI
S™ -
Asse
t-Bas
ed R
isk
Asse
ssm
ent
TABLE 9Service Features:
• Establish Scope, Boundaries and Context• Assess Risk and Security Management
Programs• Assess Administrative Controls• Establish Risk Assessment Methodology• Business Impact Analysis (Administrative,
Physical, Operational and Technical Assets)
• Controls Analysis (Administrative, Physical, Operational and Technical Assets)
• Threat Analysis• Risk Scenarios and Probabilities• Calculate Risk and Risk Profile Heat
Mapping with Risk Tolerance Threshold• Build Risk Treatment Plan• Final Risk Assessment Report with
Recommendations (Plan of Action with C-Stack Solutions)
Recurring ARTIS™ Service Features:
Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &
Learn event per Quarter in two 1-Hour Sessions)
• Security Resource Availability• Re-Assess Risk Posture at 12 Month
Intervals
Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation
and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat
Detection & Response (Cloud-Based SIEM)
PRODUCT DESCRIPTION
Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC RA Services
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 2 Initial ARTIS™ Setup Service Organization up to 500 employees with approximately 1500 assets - MTC RA Services
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
Level 3 Initial ARTIS™ Setup Service Organization up to 1500 employees with approximately 4500 assets - MTC RA Services
"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"
ARTIS™ -Risk Assessment (BIA is a Prerequisite)
DID YOU KNOW?“As much as 70 percent of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim.”
~ “2015 Data Breach Investigations Report” | Verizon
70%
MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com
34
Centre Technologies Believes in true partnership
Companies of all sizes often lack the knowledge, manpower, or resources to adequately manage their IT systems. MSaaS and ARTIS™ Services aid in a variety of ways from helping businesses to better understand their IT systems and manage priorities, to mitigating risks while deriving value from budgets, and creating a comprehensive Disaster Recovery or Business Continuity plan.
We treat clients like partners and customize our services to their unique needs to create value and ensure long-term success.
True Partnership
CONNECTDallas, TX
8350 N. Central ExpresswaySuite 250Dallas, TX 75206
OFFICE:(214)-550-2000
HELP DESK:(214)-550-2002
Austin, TX
810 Hesters Crossing RdSuite 215Round Rock, Texas 78681
HELP:(281) 741-6338
TOLL-FREE:(512) 732-0900
New Orleans, LA
935 Gravier St.Suite 1640New Orleans, LA 70112
OFFICE:(504) 262-8700
HELP:(504) 262-8701
TOLL-FREE:(504) 262-8701
Houston, TX
480 N. Sam Houston Parkway E Suite 100Houston, TX 77060
OFFICE:(281) 506-2480
HELP:(281) 741-6388
TOLL-FREE:(281)741-6338
www.centretechnologies.com