Case Studies

Situation

A Large Biotech was facing possible FDA, SEC and HIPAA penalties if they weren’t able to demonstrate security and privacy compliance.

• Auditors demanded enhanced compliance around Information Security and Privacy
• The FDA, SEC and HIPAA had just completed audits and identified potential issues

Approach

• L8S started with a gap assessment
• Crafted a program around the gaps
• Prioritize activities:
  • Information Security Program
  • Security Remediation Implementation
  • Phishing simulation and Cybersecurity Awareness

Conclusion

Layer 8 Security applied an Information Security Program Manager

• Conducted Information security risk assessment and established client’s risk appetite
• Defined Program capabilities and roles/responsibilities
• Vulnerability assessment regimen
• Ongoing cyber awareness training and simulations
• Continuous improvement of Program via semi-annual reviews with client management
• Saved client from penalties
• Implemented Enterprise Information Security and Privacy Program
• Auditors very satisfied with “best in class” information security and privacy program

Key Success Factors

• Worked closely with client’s executive management to develop and manage an Enterprise Information Security and Privacy Program
• Used Layer 8 Security Risk Assessment, HIPAA Gap Assessment and Integrated Security Monitoring Tools for integrated program implementation
• Applied the Layer 8 Security Lifecycle methodology to address controls in order of priority