
Information Security

Our Information Security professionals combine technical subject matter expertise with strong analytical and project management skills. We provide thought leadership, assessment, and policy and compliance services to clients ranging from multinational media companies and health care organizations to construction companies and professional services firms.

Tilson’s core information security services include:

CISO Advisory Services

A Chief Information Security Officer (CISO) for hire is a cost-effective way to give your business overall risk management leadership while minimizing overhead costs. By engaging one of our consultants in this role, you benefit from current, industry-leading knowledge and experience. A CISO for hire becomes part of your team, working with executives and line staff to deliver the information security program your company needs. Services offered include:

  • Creating and managing enterprise risk management programs
  • Developing and implementing security policies and procedures
  • Establishing and nurturing a security-aware culture
  • Providing guidance and reporting for boards and executive sponsors
  • Managing and overseeing vendors and associated due diligence
  • Enabling strategic goal implementation within a controlled, secure framework

Our consultants apply a number of methodologies and frameworks to meet your organization's specific requirements, including:

  • PCI DSS (Payment Card Industry Data Security Standard)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • HITECH (Health Information Technology for Economic and Clinical Health Act)
  • NIST (National Institute of Standards and Technology) frameworks and publications
  • COBIT (Control Objectives for Information and Related Technology)
  • SOX (Sarbanes-Oxley Act)
  • GLBA (Gramm–Leach–Bliley Act)
  • ISO/IEC 27001 (International Organization for Standardization / International Electrotechnical Commission)

Assessment Services

Your customers rely on you to maintain a high level of data security. We partner with our clients to ensure that vulnerabilities and threats are identified, policies and controls are implemented, best practices are followed, and information risk is mitigated. Our information security services include risk assessment, vulnerability and penetration testing, and application testing.

  • Risk Assessment: The risk assessment process begins with an information inventory that maps the flow of sensitive information through your systems and business processes, so that technical and process vulnerabilities can be identified. Our consultants then create a risk management plan that incorporates various mitigation strategies, including policies, best practices, and technical controls. By working closely with your internal information technology and security teams, we ensure that a sustainable security framework is both established and implemented.
  • Vulnerability and Penetration Testing: Vulnerability and penetration testing is a necessary step in mitigating technical risk. We offer internal vulnerability analyses, which identify and quantify the system risk associated with internal threats, and penetration testing, which evaluates your risk posture against external threats. The security testing report documents the resources tested, the vulnerabilities identified, the associated security risks and recommended remediation, and sets the groundwork for a robust information security framework.
  • Application Testing: Web applications have become a popular target for malicious activity. Our approach incorporates project management best practices, targets the most common industry vulnerabilities, and ensures that clients have a clear understanding of the strategic and tactical efforts that will strengthen data security. Our manual and automated test methods scrutinize web applications against the OWASP (Open Web Application Security Project) Top Ten. We then compile and analyze the results and prepare a report of our findings, including risk ratings and recommendations. We focus on clearly communicating next steps, assisting with remediation, and engaging your internal team throughout the process.

Policy & Compliance

In regulated industries, compliance is crucial to business success. Our team of policy experts works to ensure that your company's security practices are appropriately codified and institutionalized. Our consultants are skilled in gap analysis and risk mitigation strategies, including policy and procedure development, in support of a wide range of regulatory frameworks, including:

  • PCI DSS (Payment Card Industry Data Security Standard)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • HITECH (Health Information Technology for Economic and Clinical Health Act)
  • NIST (National Institute of Standards and Technology) frameworks and publications
  • COBIT (Control Objectives for Information and Related Technology)
  • SOX (Sarbanes-Oxley Act)
  • GLBA (Gramm–Leach–Bliley Act)
  • FISMA (Federal Information Security Management Act)
  • ISO/IEC 27001 (International Organization for Standardization / International Electrotechnical Commission)