New York, NY, June 24, 2021 – Cornerstone.IT has taken security to the next level by adopting the National Institute of Standards and Technology (NIST) controls typically used for government agencies and Department of Defense contractors.
New work models have created an urgency for law firms to be secure and compliant; protecting data is now on every firm’s mind, regardless of its size. “With hackers at it 24/7, we need to keep ourselves secure to keep our clients secure,” says Cornerstone.IT Principal Tommy Moreo, PhD. “We have now built NIST compliance into our managed services to ensure NIST standards are adhered to in real time by both Cornerstone and its clients.”
Certified Information Systems Security Professional (CISSP) Thomas Nohs describes the NIST cybersecurity framework as “a questionnaire that asks a question in diverse ways to get the right answer so that nothing is missed.”
“Being secure is an ongoing and never-ending task,” says Amy Russo, who project-managed the process for Cornerstone.IT. “Our sensitive data now has a higher level of protection, but it is a rinse and repeat cycle that includes running risk assessments; awareness training; new processes implementation; documenting and tracking. We had to follow requirements and protocols and do back-end activities to further protect our sensitive data.”
That security cycle includes ongoing communication between Cornerstone’s technical team and its CISSP; personalizing and formatting policy templates; creating action plans for each policy; implementing and tracking policies internally; and conducting third-party risk assessments for consultants and vendors.