MSaaS and ARTIS™ - Centre Technologies · and ARTIS™ Services dier from our Centre Assist™, Hosted & Service Time Agreement (“STA”) oerings in that these services are focused

MSaaS and ARTIS™managed security as a service and assessment of risk & technical infrastructure security services descriptions

Willie Mata, CISM, CRISC, CISA

MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com

2

The vision of Centre Technologies is easy: to be a leader and transform our industry, help others, create value, and make a difference in the communities in which we work and live.

The Twelve C’s of Centre TechnologiesCommunityImproving that which surrounds us for a better quality of life

CharityGiving back to the communities who have given so much to us

CreativityCrafting an innovative IT solution for your business

CollaborationBrilliant minds working together

CareCaring about you and the success of your business

ClientsThe Centre of our business. Without you, there would be no us

CommunicationAn important key to any successful relationship

CandorCandid feedback to help you grow to the next level

CultureCreating a friendly, close-knit environment

CourageNot being afraid to take innovative technology risk

CharacterHonesty, integrity, drive, and leadership

ConnectionGoing above and beyond to provide that special touch

https://centretechnologies.com/

MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com

4 5

technology advances rapidly STAY AHEAD OF THE CURVE WITH

centre technologies

INTRODUCTIONOVERVIEWGOVERNANCE ENGINE

BUILD ENGINEASSURE ENGINE 30

18

1086

Tabl

e of

Con

tent

s




6 7

INTRODUCTION

INTRODUCTIONManaged Security as a Service (“MSaaS”) and Assessments of Risk and Technical Infrastructure Security (ARTIS™) service offerings provided by Centre Technologies address industry standard service processes and are guided by the ISACA® Business Framework COBIT®5. Centre MSaaS and ARTIS™ Services differ from our Centre Assist™, Hosted & Service Time Agreement (“STA”) offerings in that these services are focused on in-depth management of your Information Security needs with defined service levels, deliverables and milestones with project management from our Centre Premier team and tailored to suit your needs.

MSaaS and ARTIS™ Services address the information security related functions of an enterprise. Our focus is to help organizations raise their information security posture by providing accurate assessments of risk to their technical infrastructure, assessing and/or building supporting documents and procedures, providing guidance and implementation of solutions for gap mitigation. These services are tailored to each organization’s needs, budget and risk tolerance and help maintain IT-related risk at an acceptable level, achieve strategic goals, realize business benefits through smart and innovative use of IT services and technology allowing your organization to optimize costs.

MSaaS and ARTIS™ Services offer compliance support with legal, contractual and external regulations and frameworks such as GLBA, HIPAA, PCI DSS, NERC-CIP, CJIS, ISO/IEC 27001-2:2013, NIST Special Publications, NIST Cybersecurity Framework (CSF), CSA Cloud Controls Matrix (CCM), COBIT®5, etc.

The goal of our Centre’s business relationship with your company is to create value as a partner, not just another reseller. We start all our business relationships by simply listening to your needs and then mapping your organizational needs and our service processes to a series of common Business and IT-related goals. The value we create is threefold:

• MSaaS and ARTIS™ Services are aligned to your business process needs

• MSaaS and ARTIS™ Services help you establish the foundation for internal governance and external governmental compliance and risk mitigation through thoughtful planning, smart technology acquisition and implementation, superior service delivery and support, and continuous real-time monitoring, assessment and assurance.

• MSaaS and ARTIS™ Services free you to concentrate on your business by providing a resilient IT Infrastructure

Organizations often find themselves in need of assistance to realize the value that information services delivery and technology bring to the business. Whether it’s guiding a small business to identify their IT assets and systems while prioritizing what’s most important, to crafting a strategy on how to best derive value from budgets while mitigating risk, to assisting an established IT Shop create a comprehensive Disaster Recovery, Business Continuity with IT Contingency Plan designed to NIST standards tailored to all of their internal or external regulatory compliance needs, MSaaS and ARTIS™ Services can help.




8 9

OVERVIEWMSaaS and ARTIS™ Services incorporate our initial IT Infrastructure Assessment and builds upon it tying all of the pieces described below over the course of 12, 24, or 36 months. MSaaS and ARTIS™ Services add structure with defined tasks on a schedule that can be measured and tested through the use of recurring assessments so the customer can be assured of the value our services bring to them.

All organizations are different with some requiring more guidance than others. MSaaS and ARTIS™ Services address IT related goals common to most organizations in the major areas shown above and described in detail below.

We’ll use facts learned from our initial assessment coupled with guidance and tools provided by COBIT® 5 to assess and guide your organization.

MSaaS and ARTIS™ Services are flexible enough so that we can start in any area even omitting some if these areas already exist, all tailored to what the organization needs. Using COBIT®5 tools, we will assess your current procedures and practices and throughout the course of our agreement, perform and deliver services to a pre-defined service level. The services are supervised by an ISACA® Certified Information Security Manager (“CISM”) and supplemented by Centre Premier™ Services.

All along your road to success, we are here providing continuous

guidance and support through proactive measures and

excellent customer service.




10 11

GOVERNANCE ENGINE

Governance EngineThis area is designed to offer premiere services and

guidance to help an organization develop governance which lays the foundation for the use of IT resources.

It contains separate processes designed to ensure Governance Framework Setting and Maintenance,

Benefits Delivery, Risk Optimization, Resource Optimization, and Stakeholder Transparency.




12 13

ARTI

S™ -

Info

rmat

ion

Secu

rity

Man

agem

ent S

yste

m (I

SMS)

Bui

ld to

NIS

T St

anda

rds TABLE 1

Service Features:

• Assess Risk Management Framework• Scoping and Organizational Context with

Roles and Responsibilities• Security Management Structure - Roles,

Responsibilities, Policies, Procedures and Documentation

• Requirements Analysis• Define Risk Assessment and Treatment

Methodology• Business Impact Analysis with Cost-Benefit

Analysis• Security Controls Gap Analysis• Threat, Vulnerability and Controls Analysis• Risk and Probability Analysis• Risk Scenarios and Risk Heat Map• Asset-Based Risk Assessment• Risk Tolerance Matrix • Risk Assessment and Treatment Report• Continuous Improvement Monitoring and

System Maintenance for repeatability• Management and/or external Periodic

Review• Plan of Action Roadmap using C-Stack™

solutions

Recurring ARTIS™ Service Features:

Native Ancillary Recurring Service• Controls Analysis updated every 3 months• SoA Document updated every 3 months• Security Awareness Training (1 Lunch &

Learn event per Quarter in two 1-Hour Sessions)

• Security Resource Availability• Re-Assess Risk Posture at 12 Month

Intervals

Add-On Ancillary Recurring Service• External Vulnerability Scanning, Mediation

and Re-Scan (pricing based on nodes)• Annual Pen Test (Basic)• External CyberSOC: Managed Threat

Detection & Response (Cloud-Based SIEM)

DID YOU KNOW?“Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government and healthcare sectors.”

~ “ITRC Data Breach Reports – 2015 Year-End Totals” | ITRC

169,000,000+

PRODUCT DESCRIPTION

Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC ISMS Build

"Recurring ARTIS™ Update Service @ Months 12, 24 and 36 *Pricing subject to change with certain Add-On Ancillary Recurring Services"





ARTIS™ - Information Security Management System (ISMS) Build to NIST Standards




14 15

ARTI

S™ -

Info

rmat

ion

Secu

rity

Man

agem

ent S

yste

m (I

SMS)

Bui

ld to

ISO

/IEC

2700

1 St

anda

rds

TABLE 2Service Features:

• Management commitment• Identify, define and produce required

scoping and organizational context documents

• Management Information Security Policy, Procedures and Documentation

• Information Security Responsibility Roles and Responsibilities


Methodology• Business Impact Analysis• Security Controls Gap Analysis• Threat, Vulnerability and Controls Analysis• Risk and Probability Analysis• Risk Scenarios and Risk Heat Map• Asset-Based Risk Assessment with Risk

Treatment Plan• Risk Tolerance Matrix • Risk Assessment and Treatment Report• Statement of Applicability for all selected

controls• Management and/or external periodic

review• Produce all ISO/IEC 27001 required

documents• Information Security Council design

for continuous improvement, system maintenance and repeatability

• Plan of Action using C-Stack™ solutions





Intervals




PRODUCT DESCRIPTION







ARTIS™ - Information Security Management System (ISMS) Build to ISO/IEC 27001 Standards




16 17

ARTI

S™ -

Com

preh

ensi

ve H

IPAA

WIS

P Bu

ild


• Policy Statement• Overview & Purpose• Scope• Definitions• Data Classification• Policy• Security Management Structure to include

Roles, Responsibilities, Policies, Procedures and Documentation

• Confidential Data Policies• Acceptable Use• Transporting Confidential Data• Secure Destruction of Confidential Data• Travel and Remote Work• Restricted Data• Password Usage• Third Party Supplier• Access Control• Security Awareness Training• Breach Response & Reporting• Sanctions• HIPAA Privacy• Identity Theft Prevention (Red Flags Rule)• Records Management and Retention• Non-Disclosure


Methodology• Business Impact Analysis• Security Controls Gap Analysis• Threat, Vulnerability and Controls Analysis• Risk and Probability Analysis• Risk Scenarios and Risk Heat Map• Asset-Based Risk Assessment• Risk Tolerance Matrix • Risk Assessment and Treatment Report• Continuous Improvement Monitoring and

System Maintenance for repeatability• Management and/or external Periodic

Review





Intervals




PRODUCT DESCRIPTION







ARTIS™ - Comprehensive HIPAA WISP Build

Centre’s level of professionalism and expertise has enabled them to become our most trusted resource for enterprise solution development and implementation.

~ Chris H., IT Manager




18 19

BUILD ENGINE

Build EngineThis area contains services and processes that focus

on the Management of IT Programs and Projects, Requirements Definition, Solutions Identification and

Building, Availability and Capacity, Organizational Change Enablement, Change Management, Change Acceptance

and Testing, Knowledge, Assets, and Configuration.




20 21

ARTI

S™ -

Busi

ness

Impa

ct A

naly

sis


• Gap Analysis• Identify critical and supporting assets• Determine asset criticality, impact and value

by department or physical site• Define dependencies & recovery targets,

RPO, RTO, MAO, MTD• Identify, define or confirm backup/restore

methodology• Identify, define or recommend resource

requirements• Identify, define or recommend recovery

priorities• Identify retention/preservation needs• Assess Impact to Organization





Intervals




PRODUCT DESCRIPTION

Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC BIA






ARTIS™ - Business Impact Analysis




22 23

ARTI

S™ -

Dis

aste

r Rec

over

y Pl

an (D

RP)

TABLE 5Service Features: • Requires prerequisite ARTIS™ - Business

Impact Analysis • Disaster Recovery and Business Continuity

Training• Identify tolerance for downtime• Assess current application set for DR/BC• Identify Triggers for Plan Activation• Activating the Emergency Response Team• Emergency Response Team Responsibilities• Activating the Disaster Recovery Team• Responsibilities of the Disaster Recovery

Team• Responsibilities of the Management Team• Communications• Develop Business Continuity plan based on

application limitation• Implement BC plan• Define Strategy for release of Information• Test BC plan• Develop Disaster Recovery plan based on

application limitation• Implement DR plan• Test DR plan• Schedule periodic DR and BC testing





Intervals




I see Centre Technologies as an extension of my team. Unlike their competitors, they view obstacles from my perspective, and want to help my company get where we need to be.

~ Shannon Srp, Chief Technical Officer, NavyArmy Credit Union

PRODUCT DESCRIPTION

Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC DRP






ARTIS™ - Disaster Recovery Plan (DRP) (BIA is a Prerequisite)




24 25

ARTI

S™ -

Busi

ness

Con

tinui

ty P

lan

(BCP

) to

NIS

T St

anda

rds


Impact Analysis• Contingency Plan Policy Statement• Conduct an ARTIS™ - Business Impact

Analysis• Identify Preventive Controls• Create Contingency Strategies

• Backup and Recovery• Backup Methods and Offsite Storage• Alternate Site Considerations• Equipment Replacement• Cost Considerations• Roles and Responsibilities

• Plan Testing, Training, and Drills• Plan Maintenance• Contingency Plan Development• Supporting Information• Activation and Notification• Recovery Phase

• Recovery Sequence• Recovery Steps• Recovery Escalation and Notification

• Reconstitution or Return to Normal Phase• Concurrent Processing• Validation Data Testing• Validation Functionality Testing

• Technical Considerations for Siting and High Availability





Intervals




PRODUCT DESCRIPTION

Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC BCP






ARTIS™ - Business Continuity Plan (BCP) to NIST Standards (BIA is a Prerequisite)




26 27

ARTI

S™ -

Busi

ness

Con

tinui

ty P

lan

(BCP

) to

ISO

223

01:2

012

Stan

dard

s


• Requires prerequisite ARTIS™ - Business Impact Analysis

• Organizational Context• Continuity Requirements• Plan Scope, Policy and Objectives• Business Continuity Roles, Responsibilities

and Authority• BCP Training, Awareness and Competencies• Plan Communications• Document Control and Maintenance• Third Party Contracts and Service Level

Agreements• Methodology, ARTIS™ - Business Impact

Analysis and Results• Methodology, Risk Assessment and Results• Continuity Strategies• Risk Treatment Plan• Continuity Procedures• Risk Treatment Plan• Continuity Procedures• Major Incident Scenarios• Plan Testing and Critique• Monitoring, Measurement and Results• Post Incident Review• Internal Audit and Review by Management• Plan Improvements and Corrections





Intervals




PRODUCT DESCRIPTION







ARTIS™ - Business Continuity Plan (BCP) to ISO 22301:2012 Standards (BIA is a Prerequisite)




28 29

ARTI

S™ -

Inci

dent

Res

pons

e Pl

an


Impact Analysis• Plan Scope• Policy and Objectives• Assumptions and Relationship to other

Policies and Procedures• Plan Updates• Definitions• Incident Prioritization• Concept of Operations• Preparation• Detection• Response Strategy• Containment• Investigation• Remediation• Recovery• Communication• Privacy• Documentation, Tracking and Reporting• Escalation





Intervals




DID YOU KNOW?“As much as 70 percent of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim.”

~ “2015 Data Breach Investigations Report” | Verizon

70%

PRODUCT DESCRIPTION

Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC IRP






ARTIS™ - Incident Response Plan (Includes DRP & BCP - BIA and RA are Prerequisite)




30 31

ASSURE ENGINE

Assure EngineThis last area contains services and processes that help an organization understand how to assure IT services deliver value towards the organizational

needs. These processes focus on Monitoring, Evaluating, and Assessing Performance and

Conformance, the System of Internal Control(s), and External Compliance with standards, procedures, legal, regulatory and contractual requirements.




32 33

ARTI

S™ -

Asse

t-Bas

ed R

isk

Asse

ssm

ent


• Establish Scope, Boundaries and Context• Assess Risk and Security Management

Programs• Assess Administrative Controls• Establish Risk Assessment Methodology• Business Impact Analysis (Administrative,

Physical, Operational and Technical Assets)

• Controls Analysis (Administrative, Physical, Operational and Technical Assets)

• Threat Analysis• Risk Scenarios and Probabilities• Calculate Risk and Risk Profile Heat

Mapping with Risk Tolerance Threshold• Build Risk Treatment Plan• Final Risk Assessment Report with

Recommendations (Plan of Action with C-Stack Solutions)





Intervals




PRODUCT DESCRIPTION

Level 1 Initial ARTIS™ Setup Service Organization up to 150 employees with approximately 500 assets - MTC RA Services






ARTIS™ -Risk Assessment (BIA is a Prerequisite)

DID YOU KNOW?“As much as 70 percent of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim.”

~ “2015 Data Breach Investigations Report” | Verizon

70%



MSaaS Service Descriptions | Copyright © 2017 | Centre Technologies, Inc. | www.centretechnologies.com

34

Centre Technologies Believes in true partnership

Companies of all sizes often lack the knowledge, manpower, or resources to adequately manage their IT systems. MSaaS and ARTIS™ Services aid in a variety of ways from helping businesses to better understand their IT systems and manage priorities, to mitigating risks while deriving value from budgets, and creating a comprehensive Disaster Recovery or Business Continuity plan.

We treat clients like partners and customize our services to their unique needs to create value and ensure long-term success.

True Partnership


CONNECTDallas, TX

8350 N. Central ExpresswaySuite 250Dallas, TX 75206

OFFICE:(214)-550-2000

HELP DESK:(214)-550-2002

Austin, TX

810 Hesters Crossing RdSuite 215Round Rock, Texas 78681

HELP:(281) 741-6338

TOLL-FREE:(512) 732-0900

New Orleans, LA

935 Gravier St.Suite 1640New Orleans, LA 70112

OFFICE:(504) 262-8700

HELP:(504) 262-8701

TOLL-FREE:(504) 262-8701

Houston, TX

480 N. Sam Houston Parkway E Suite 100Houston, TX 77060

OFFICE:(281) 506-2480

HELP:(281) 741-6388

TOLL-FREE:(281)741-6338

www.centretechnologies.com


Documents

MSaaS and ARTIS™ - Centre Technologies · and ARTIS™ Services dier from our Centre Assist™, Hosted & Service Time Agreement (“STA”) oerings in that these services are focused