Some of the services and solutions Trova provides in the Cyber Security/GRC (Governance, Risk, Compliance) Practice include:

Information Security

  • Virtual Chief Information Security Officer (vCISO)
  • Enterprise Security Roadmap
  • Information Security Policies
  • Vulnerability Scans
  • Penetration Testing
  • Vendor Compliance Program Design
  • Vendor Risk/Compliance Assessments
  • Incident Response Plan Testing
  • Incident Response Assistance
  • Security, Risk, and Compliance Remediation

Compliance

  • Consolidated Control Framework Creation
  • PCI Compliance Assessments (and SAQ assistance)
  • PCI Compliance Consulting
  • PCI Remediation
  • HIPAA Risk Assessments
  • HIPAA Remediation
  • HIPAA Compliance Consulting
  • Privacy Law Assessments (including EU GDPR)
  • SOX Compliance Consulting
  • SOX Remediation
  • Various other standards-based assessments (NIST, ISO, COBIT, FISMA, …)

Risk Management

  • NIST-based Risk Management Program Design
  • Risk Assessments (standards-based, including NIST, HIPAA, ISO, etc.)
  • Penetration Testing
  • Vulnerability Scans
  • Vulnerability Management
  • Risk Mitigation/Remediation

Secure Managed Services

  • System Administration
  • System Hardening
  • Policy Enforcement
  • Identity and Access Management
  • Change Control
  • Separation of Duties
  • Patch Management
  • Endpoint Protection
  • Logging and Monitoring
  • Event Notification
  • Incident Response