QBE offers a traditional trifurcated approach to cybersecurity, data and
information defense, and Information Technology (IT) protection:
QBE cybersecurity assessments analyze existing controls and compare
your current system health to known vulnerabilities and weaknesses.
Assessments begin with baseline assumptions, but are tailored to each client’s unique operational and IT environments. Assessment scope includes consideration for:
Through years of experience, QBE has audited, implemented, supported, or
researched numerous national and international security standards.
Among the more common are:
This International Standard focuses upon developing, implementing, and continually improving a risk-based data and information security management model within an organization of any size. The standard includes itemized, defined controls intended to ensure security for networks, assets, documentation and artifacts, human resources, compliance, and third-party involvement in an organization.
NIST Cybersecurity Framework (National Institute of Standards and Technology)
This auditable framework provides guidance for preventing, identifying, and managing cybersecurity risks.
FAR / DFARS
The Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) establish legal requirements and guidelines for working with the US Government. QBE offers extensive experience conforming to, or complying with, FAR and DFARS regulations.
FIPS 140 (Federal Information Processing Standards)
FIPS 140 specifies requirements for cryptology and cryptographic modules. Commonly implemented versions include FIPS 140-2 and FIPS 140-3.
PCI-DSS (Payment Card Industry Data Security Standard)
PCI-DSS provides information security guidance targeted at organizations that manage or transact credit card data. PCI-DSS controls are designed to both prevent the loss of sensitive information and to provide assurance to customers and users.
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA defines the rules and controls (uniform standards) necessary to transact, manage, and transfer healthcare data and information. Although primarily applicable to healthcare providers, QBE has implemented this standard in commercial organizations as well as government agencies.
FERPA (Family Educational Rights and Privacy Act)
FERPA provides federal guidance and mandates (via legal controls) that establish the boundaries, and protect the privacy, of student and education records.
IRS Publication 1075 (IRS Safeguards)
Publication 1075 guides organizations on the practices and controls for protecting Federal Tax Information (FTI). Although rare for private organizations, IRS Safeguard audits or reviews are common in government agency settings.
ISO 3100 (Risk Management)
The ISO 3100 international standard provides guidance for the design and implementation of risk management systems, including the application of risk management processes.
The CMMC model is relatively new and still in development and transition. CMMC was established by the US Government with a principal focus of measuring organizational cybersecurity processes and controls.
QBE is operating at the forefront of the CMMC environment.
While the CMMC model is evolving, eventually nearly every US Government contractor will be required to meet some level of CMMC maturity.
Potential solutions to security
threats can be wide and varied.
QBE supports clients by:
controls to achieve a tailored and
Manage IT program supported by breach
protections and disaster recovery.
engineering to ensure success and protection.