Cybersecurity and Technology Strategy

QBE offers a traditional trifurcated approach to cybersecurity, data and
information defense, and Information Technology (IT) protection:

Assessment

Controls

Solutions

Assessment

QBE offers assessment expertise to identify data and information risks and vulnerabilities, and to establish appropriate responses. Initial and ongoing cyber threat assessments are a fundamental and holistic approach to data protection and IT risk management.

QBE cybersecurity assessments analyze existing controls and compare
your current system health to known vulnerabilities and weaknesses.

A forward-looking approach is implemented to ensure your IT team and business leadership make informed decisions about future threats, developing cybercrime techniques, and emerging defensive tools available in the marketplace.

Assessments begin with baseline assumptions, but are tailored to each client’s unique operational and IT environments. Assessment scope includes consideration for:

Value

Budget

Risks

Goals

Controls

Through years of experience, QBE has audited, implemented, supported, or
researched numerous national and international security standards.
Among the more common are:

ISO 27001

This International Standard focuses upon developing, implementing, and continually improving a risk-based data and information security management model within an organization of any size. The standard includes itemized, defined controls intended to ensure security for networks, assets, documentation and artifacts, human resources, compliance, and third-party involvement in an organization.

NIST Cybersecurity Framework (National Institute of Standards and Technology)

This auditable framework provides guidance for preventing, identifying, and managing cybersecurity risks.

FAR / DFARS

The Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) establish legal requirements and guidelines for working with the US Government. QBE offers extensive experience conforming to, or complying with, FAR and DFARS regulations.

FIPS 140 (Federal Information Processing Standards)

FIPS 140 specifies requirements for cryptology and cryptographic models. Commonly implemented versions include FIPS 140-2 and FIPS 140-3.

PCI-DSS (Payment Card Industry Data Security Standard)

PCI-DSS provides information security guidance targeted at organizations that manage or transact credit card data. PCI-DSS controls are designed to both prevent the loss of sensitive information and to provide assurance to customers and users.

HIPAA (Health Insurance Portability and Accountability Act)

HIPAA defines the rules and controls (uniform standards) necessary to transact, manage, and transfer healthcare data and information. Although primarily applicable to healthcare providers, QBE has implemented this standard in commercial organizations as well as government agencies.

FERPA (Family Educational Rights and Privacy Act)

FERPA provides federal guidance and mandates (via legal controls) that establish the boundaries, and protect the privacy, of student and education records.

IRS Publication 1075 (IRS Safeguards)

Publication 1075 guides organizations on the practices and controls for protecting Federal Tax Information (FTI). Although rare for private organizations, IRS Safeguard audits or reviews are common in government agency settings.

ISO 3100 (Risk Management)

The ISO 3100 international standard provides guidance for the design and implementation of risk management systems, including the application of risk management processes.

CMMC

The CMMC model is relatively new and still in development and transition. CMMC was established by the US Government with a principal focus of measuring organizational cybersecurity processes and controls.

QBE is operating at the forefront of the CMMC environment.

QBE is actively supporting clients with CMMC implementation, training, assessment, vulnerability testing, and maturity.

While the CMMC model is evolving, eventually nearly every US Government contractor will be required to meet some level of CMMC maturity.

For CMMC compliance, contact QBE and allow us the opportunity to show our experience and expertise in this developing arena of data and information security.

Solutions

Potential solutions to security threats can be wide and varied.

QBE supports clients by:

Performing proper analysis and applying proper controls to achieve a tailored and successful solution.

Defined processes and maturing management controls.

Managed IT program supported by breach protections and disaster recovery.

Fully managed cloud solutions with network design and engineering to ensure success and protection.

Whatever size, need, and concern, QBE can deliver a proper solution. Contact our organization and discover how we can help you protect your people and information.