• Who has custody of the data?
• What they are doing with it?
• Is data being used and processed properly?
• What actions should be taken if something fails?
• How is the IT infrastructure monitored?
• How can the system be breached - how do we react?
• What are the quantifiable risks of the IT operation?

Security vs. Custody

• Security is a measure.  CCLIF enables you to understand and have Custody of your data.  Treat data like cash when you view it as a tangible, you are able to manage the questions of "where is my data, who has it and why?"
• All data systems can and will be compromised
• Surviving compromise depends on limiting the loss from any breach of a system and having a planned response (proactive policies rather than reactive actions).
• CCLIF assesses the risk of your data being stolen, damaged, or altered.  CCLIF finds the gaps in your IT infrastructure and makes recommendations for remediation that are in line with your business needs.

C.C.L.I.F - Cybrinths Continuous Learning Information Feedback Process

• CCLIF is an instrument checking as many as 1400 IT and Data Procedure process steps against registered best practice and documented threats.
• CCLIF analysis gauges data custody better than any known instrument.
• CCLIF defines 13 layers of security and quantifies the risks of movement between them.
• CCLIF is the first instrument developed to create gap analysis in the working reality of distributed data environment for policy and procedure.
• CCLIF documents the economic risks and impacts each process and IT investment.

Cybrinths 13 layers of Security   A Brief Snapshot of 13 Layers - Link 

1. Risk Management and Assessment of Data Custody
2. Policy Management and Procedures
3. Cyber-Intelligence and Monitoring Goals
4. Access Controls/Authentication Rules
5. Firewalls and Perimeter Control Maps
6. Active content filtering Policy
7. Intrusion detection system (IDS) & countermeasures defined
8. Virus scanners and Trojan Removers defined.
9. Encryption in Storage and Transmission defined
10. Systems administration and Change Management policy
11. Incident response plan (IRP) and Recovery Goals completed
12. Wireless Security and Vendor Guidance in place
13. Remediation Strategies for Identified Vulnerabilities

• Cybrinth Data Custody Evaluation Consists of:
  • Performing an initial risk assessment, which is based upon the CCLIF methodology. This analysis will cover policy, procedure and architecture as they relate to securing IT assets.
  • Penetration Test and Vulnerability assessment study.
  • Development of Information System Security Policy (ISSP).
  • Training Seminar for Senior Management per Risk assessment findings and ISSP.
  • Subscription service for cyber-intelligence and annually revised CCLIF methodology.
  • Annual refinement of ISSP.

The result of the CCLIF Process is a complete "road map" defining the custody of critical data in every process the Client undertakes in their business operations. This knowledge informs and impacts Vendor Contracts, Employment Contracts and Duties, Executive Roles, Sarbannes Oxley and Graham, Leach, Bliley, SEC Reporting and both internal and external Auditing functions.