CMMC Solutions: A journey of continual evolution
Clarity of thought, built over 100 years of international experience
CMMC Europe is a group of experienced and qualified partners in cyber security, cyber risk management, legal, consulting and executive placement, who provide organisations with advisory services for the design and delivery of CMMC compliance, cyber risk management, cyber security oversight and assurance, and organisational design.
We have all held senior leadership positions and are experienced in board advisory and in educating boards in cyber security. As the Founding Partner, Andy has provided board-level cyber education and awareness to executive and non-executive directors across a range of industry sectors. He is also qualified as a Chartered Security Professional (CSyP) and CSyP assessor, one of only 2 professional qualifications recognised by the UK's Centre for the Protection of National Infrastructure (CPNI), and holds a place on the UK's Register of Chartered Security Professionals.
Executive cyber education and awareness programmes
The regulatory and legislative environment surrounding cyber security and cyber risk management is changing rapidly, with a range of regulations such as NYDFS, CCPA, HIPAA, GDPR and PCI-DSS having consequences internationally. The most striking regulatory change comes from the US DoD in the form of its Cyber Maturity Model Certification (CMMC) regulation, which proposes to strengthen the already enforced DFARS 48 CFR § 252.204-7012 and its requirements to embed NIST 800-171 cyber security across the US DoD's Defence Industry Base.
It is important for the board to understand cyber risk management and the threat cyber risk poses to their organisations, so that boards can set appropriate levels of risk appetite, assure the effectiveness of cyber practices and oversee the management of cyber risk. For listed and non-listed companies alike, securing shareholder value and securing corporate IP, FCI, CUI and PII is critical to maintaining the integrity of an organisation's financial statements.
We deliver bespoke cyber education and awareness programmes to executives and non-executive directors, and board advisory services:
- What is CMMC and what are its implications?
- What is cyber security and cyber risk management?
- How should the board assure and oversee their cyber security capabilities?
- What does a good CMMC and cyber risk management programme look like?
- What does cyber governance look like and how do you implement it?
- Define board governance policies and procedures for the oversight of cyber and technology risk.
- Implement cyber and technology oversight including appetite setting and associated KPIs and KRIs for risk oversight.
- Work with the organisation to develop control effectiveness testing programmes.
- Develop cyber risk remediation programmes, to close gaps in cyber security maturity.
CMMC oversight and assurance
- The oversight and assurance of data security programmes including GDPR, CCPA, FCI & CUI.
- Cyber capability reviews and organisational design.
- Cyber practice & control assurance (ISO 27001, NIST 800-171r2).
- Cyber risk oversight and assurance.
- Cyber incident assessment and expert witness.
Cyber risk management
Cyber risk oversight and assurance is critical for an organisation to manage its cyber risks. It provides a clear understanding of the organisation's inherent risk exposure, the effectiveness of its risk mitigation practices and programmes, and the residual risk once effective controls are accounted for. Cyber risk management is a continual process of risk evaluation, measurement and reporting, providing executive committees with the appropriate information so that they can gain assurance over the organisation's risk exposure.
We deliver global cyber risk and operational risk management programmes within regulated markets.
- Delivery of cyber risk management strategy.
- Design and delivery of cyber risk evaluation, assurance and oversight strategy.
- Design and delivery of global second line of defence cyber and technology risk oversight and assurance programmes.
- Cyber risk and technology risk appetite setting and executive committee reporting.
- Cyber risk regulatory reporting.
Cyber security strategy and programmes
- Evaluation of cyber security maturity and practice/control remediation (ISO 27001 and NIST 800-171).
- Delivery of global cyber security strategy.
- Design, delivery and management of ISO 27001 and NIST 800-171 programmes.