Lantego has been helping organizations align security controls with business objectives since 2006. Below is a sampling of some of the projects we have completed.
- FFIEC Cybersecurity Risk Assessment - Lantego performed a cybersecurity risk assessment on a state bank. The assessment included requirements from GLBA, FFIEC CAT, and CIS CSC Top 20. The project included a review and revision of the vendor management program and the development of a process and tools for the bank to conduct their own risk assessments in the future.
- ISO 27001/2 Gap/Risk Assessment - Lantego performed ISO/IEC 27001/2 Gap Assessments and Security Risk Assessments for a major e-commerce organization and a software development organization. The gap assessments supported their efforts of security program improvement towards ISO/IEC 27701/2 certification.
- HIPAA Gap/Risk Assessment - Lantego performed many HIPAA security and privacy gap and risk assessments for major hospitals, healthcare organizations, and state agencies. The gap assessments were instrumental in providing a roadmap towards HIPAA security and privacy compliance.
- PCI DSS Gap Assessment - Lantego performed PCI DSS gap assessments for a major real estate / rental organization and a city government. These assessments were instrumental in providing a roadmap for security program improvements towards PCI DSS compliance.
- NIST 800-171 - Lantego is now performing NIST 800-171 assessments. This NIST publication of security controls is a simplified set of the NIST 800-53 controls designed specifically for non-federal organizations that work with federal sensitive but non-confidential data.
- NIST 800-53 (FISMA) - Lantego performed a NIST 800-53 (Federal Information Security Management Act) gap assessment for state government agencies. These assessments resulted in the creation of a Plan of Actions and Milestones (POAMs) and a prioritization of security program improvements.
- NIST CyberSecurity Framework (NIST CSF) Gap Assessment - Lantego performed NIST CSF gap assessments for a state college and a major retailer. These assessments resulted in the creation of security program report cards and a prioritization of security program improvements.
- Arizona Department of Administration - Lantego rewrote the information security policy, standards, and procedure set for the ADOA. This project included a review of all state and Federal information security laws and statutes, HIPAA, PCI DSS, NIST 800-53 and IRS Pub 1075 and resulted in the creation of 17 policies, 8 standards, and an extensive training program including instructor-led training and policy development workshops for all 145 state agencies.
- PCI DSS Policy Set Creation - Lantego has created information security policy sets for several small and medium-sized businesses to support their efforts to meet the Payment Card Industry Data Security Standard.
- HIPAA Policy Set Creation - Lantego has created information security policy sets for several hospitals and medical insurance organizations in support of the security and privacy rules of the Health Insurance Portability and Accountability Act.
- Cyber Security Framework Workshop - Covers NIST CSF, NIST 800-53, NIST 800-171 and FISMA. Work with corporations to structure their security / security assessment program around the NIST CSF.
- Certified Information System Security Professional (CISSP) Examination Preparation - Lantego has been providing CISSP training since its inception in 2006, has delivered over 150 classes to over 2000 CISSP candidates, and has one of the industry's highest pass rates.
- Private classes for a major international information security organization.
- Public classes taught in Austin, TX 3-4 times per year.
- Certified Information System Auditor (CISA) Examination Preparation - Lantego has provided CISA training for over 5 years and has one of the industry's highest pass rates.
- Information Security Workshops - Lantego has provided information security workshops to government and commercial organizations on topics ranging from the NIST CyberSecurity Framework and Policy Development to Information Security Risk Assessments.