SPHEREboard is a culmination of years of experience working with organizations to solve complex Governance, Security and Compliance issues. In every implementation of SPHEREboard, we combine our business intelligence, your institutional knowledge and industry best practices to manage your resources.
The goal of SPHEREboard is to provide a visual representation of critical analytics, a simple mechanism for remediating new issues and a single pane of glass for all levels of your organization.
SPHEREboard empowers you to manage your data, systems and the access to them. By integrating and correlating data from disparate systems, we provide all facets of information from an executive overview down to the administrative details.
Active Directory Evaluation
An Active Directory Evaluation is a rapid and effective service offering to gain critical insights into the state of your AD. Through this evaluation, you will learn about your environment and how to move to a cleaner, safer state. We will answer the following questions:
- What are the objects and their potential use case?
- Who has elevated privileged permissions?
- What systems are vulnerable to security threats?
By providing a deeper understanding of your current environment we can find the areas of concern and show your organization the optimal way of configuring, securing and maintaining your Active Directory environment. You will know what you have, who has access and how your environment is configured.
What is the New York Cybersecurity Regulation?
In effect 23 NYCR Part 500 Financial Services Law
With Cybercrime on the rise, the DFS Cybersecurity Requirements for Financial Services Companies, created regulations which are designed to ensure safe and sound operations of Financial Providers, and protect New York’s consumers. SPHERE has created a “Readiness Assessment Tool to help companies self-assess and identify if they will be compliant and highlight any gaps”.
Covered entities include but are not limited to, Banks, Lenders, Insurance Companies. To see if your classification of business is affected, click here.
The in effect rule specifically requires what each supervised entity needs to do. This includes the following:
- Establish a Cybersecurity Program
- Maintain written Cybersecurity Policies
- Follow Data Governance and Classification practices
- Annual Penetration Testing
- Quarterly Vulnerability Assessments
- Institution of Log Management
- Implementation of Access Controls based on “Least Privilege”
- Development of an Application Security Practice for internally developed applications
- Annual Risk Assessment
- Employ Cybersecurity professionals to manage your risks
- Launch a Third Party Information Security Policy and Risk Management Program
- Configure Multi-Factor Authentication
- Implement Record Retention Policies and Procedures
- Provide Security Awareness Training
- Institute Data Encryption for data in transit or stored
- Develop and test and security Incident Response Plan
- Report on a bi-annual basis to the company’s board or governing body on risks
- Annually certify your compliance to the DFS
Regulated entities will have 180 days from the effective date of the rule to comply with its requirements, except as otherwise specified. The rule went into effect on March 1, 2017.
Privilege Access Management
Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization’s IT infrastructure, disable security controls …..
SPHERE partners with a variety of partners that provide value in the Privilege Access Management space including Quest and CyberArk. This datasheet focuses on CyberArk and their solution around Privileged Access Management technology. CyberArk provides tools to manage access to privileged accounts; manage fine grained access to privilege; monitor the use...
Building Sustainable Processes
There is far more to privileged access management than just technology however. SPHERE provides a range of services designed to help you build sustainable processes as part of your Privilege Access Management strategy. SPHERE will…
Whitepaper: Implementing a Data Governance Plan
This whitepaper outlines the business drivers for creating a robust Data Governance strategy, with details on what should be included, how it should be implemented and other key areas to consider.
Public Folders in Exchange 2013
If you’re like most organizations, your current public folders are most likely in disarray. Whether you are migrating to Exchange 2013 or just want to get a handle on your public folders, you are going to have to understand what you have, who owns the folders, who has access to them, who is accessing them, and what is stale or active.