Benefits organizations hold records of highly sensitive personal data, and the consequences of a breach can be devastating. Having confidentiality, integrity, and accessibility are foundational components of information security. These are achieved through adhering to a strong security framework from a recognized institution such as the National Institute of Standards and Technology (NIST). Linea uses a framework customized to the benefits industry to help organizations assess, plan, and implement better cybersecurity environments.
Linea utilizes a risk-based approach to cybersecurity threat mitigation. We seek to maintain the confidentiality, integrity, and availability of data stored by our clients, either on premise or in the cloud. Our consultants utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework(CSF) to assist clients in minimizing their cyber risk. Customizing the NIST CSF, Linea performs a risk-based assessment applying and customizing their 17 key controls specifically for public pension funds. We call this our Pension Cyber Security Framework (PCSF).
The roadmap is a strategic plan for your organization’s approach to cybersecurity. The plan categorizes your areas of cyber risk, classifies your data as either high, medium, or low, and identifies an appropriate standard for compliance. It will consider applicable statutes, regulations, and best practices for inclusion. The roadmap will identify the horizon and pathway the organization will take to build, implement, and improve its cybersecurity capabilities.
Linea consultants gather cybersecurity needs and requirements for benefits systems modernizations. We consider technical requirements, compliance requirements, and best practice standards for protecting personally identifiable information, and the technical and business impacts if that data was to be breached, modified, or unavailable.
We cannot emphasize enough how important gathering cybersecurity requirements is, and how important it is to begin before a solution option has been chosen. Security will affect system design, vendor selection, and changes to both business and technical processes. Waiting until after an implementation to address security can be much more time-consuming, costly, and risky. Because Linea Secure has both cybersecurity and benefits expertise, we know which processes and systems will require the most attention, we have a better understanding of threat severity levels for our industry, and we already have knowledge of both the available solutions and the other third-party vendors with which clients will interface. This gives us great advantage over cybersecurity vendors who do not have our industry expertise.
Linea will craft training programs that are specific to an organization’s needs. We facilitate workshops for an organization focusing on compromise avoidance and the practice of good cyber hygiene. The training will allow a board and staff to identify threats, understand how adversaries seek to compromise the organization, and actions and practices to counter these threats.
Retainer services give organizations the ability to access Linea Secure services and personnel at pre-negotiated rates. Our personnel could be used to perform training, provide consulting services, and facilitate meetings. Additionally, Linea could be retained to facilitate an incident response if an event occurred. These pre-negotiated hours and rates are a great way to perform annual planning in an uncertain world where threats evolve daily.