Tilson provides a comprehensive array of cybersecurity services focused on the development and execution of a complete cybersecurity program (CSP). We believe that proper cybersecurity is integrated into the organizational decision-making process, thereby enabling organizations to achieve their business objectives. Our methodology builds and matures cybersecurity programs via the implementation of effective governance and strategies, enterprise risk management, security controls and frameworks, audits and assurance testing, and ongoing measurement of the results. Tilson’s holistic approach prepares an organization to adequately prevent, detect, and respond to security events.
The Tilson methodology uses a lifecycle process that includes the following six iterative steps:
1) Business Awareness and Gap Analysis – Determine current state and desired future state.
2) Risk Analysis – Identify assets, potential threats and vulnerabilities, and assess the probability and likelihood.
3) Governance and Policy – Information security policy creation, change control processes, steering committee.
4) Develop Strategy and Metrics – Define goals and objectives, define three-year strategic plan, consider budget, and identify metrics.
5) Implement Strategy – Implement and mature solutions (SIEM, SOAR), security controls, user education, and incident response plan.
6) Test and Monitor – Schedule and perform ongoing vulnerability assessments, penetration testing, and stakeholder reporting.
Tilson works in conjunction with senior leadership, information security officers and IT resources to guide an organization through all phases of CSP development. Additionally, Tilson works with organizations that have an immediate need to address a specific cybersecurity component, or to assist an organization experiencing a security event with incident response management services.