Industries Served
As Regulatory Requirements expand into new industries, organizations find themselves stretched to meet these demands.
Others may fall under the Department of Homeland Security Critical Infrastructure; their assets, systems, and networks are vital to national security.
Organizations face the challenge of lacking the knowledge or internal resources to build and mature their programs, often spinning their wheels in frustration attempting to gain traction.
Finding employees knowledgeable in meeting these requirements can be difficult, keeping them even more so.
Dragoon Security Group brings decades of experience across numerous highly regulated industries, and the promise of continuity.
This experience provides us extensive insight and understanding of Security, Governance, Risk and Compliance to build cost-effective programs around existing operations and allows our client's internal staff to focus on their primary business responsibilities.
Our team of consultants will help guide you in developing and maintaining a comprehensive Information Security & Privacy program. In the event a security incident occurs, your properly maintained and administered program will be defensible before a review board or court of law that appropriate measures were taken to safeguard against reasonable threats.
Banking, Finance & Lending
Financial Institutions are subject to a dynamic regulatory landscape to safeguard consumer data and block online fraud attempts.
Whether acting upon guidance and regulations issued by the FFIEC, GLBA, or NCUA, banking, lending and financial services regulatory authorities are stepping up cooperation to make financial transactions and consumer data more secure.
FS-ISAC Affiliate
Defense Contractors
As of 2018, all members of the DoD Supply Chain that process, store, or transmit are required to become DFARS-Compliant.
DoD has stated any organizations failing to demonstrate “adequate security” and cyber incident reporting, are at risk of fines and losing federal contracting opportunities.
Education
CIPA, COPPA, FERPA, HIPAA
Today's schools face numerous regulations, guidelines and protocols that must be met in order for the students, faculty and staff to safely utilize networked resources.
Along with meeting these regulations in order to be in compliance, meeting these same regulations can also directly impact access to state and federal technology monies.
Government
Rising from the 2012 Department of Revenue breach, South Carolina state agencies and their supply chain have struggled in developing the Governance, people and technology to protect the data of the citizens of South Carolina.
FBI Infra-Gard, MS-ISAC and SC Cyber member
Healthcare
HIPAA regulations not only ensure privacy, reduce fraudulent activity and improve data systems but are estimated to save providers billions of dollars annually.
By knowing of and preventing security risks that could result in major compliance costs, organizations are able to focus on growing their profits instead of fearing these potential audit fines.
Insurance
Signed into law in 2018, the SC Insurance Data Security Act is the first in the nation focused on security in the insurance industry.
The Model Law was developed by the National Association of Insurance Commissioners Cyber Security Working Group, led by the SC Department of Insurance's Director.
Insurance agencies in South Carolina were required to have developed and implemented a comprehensive Information Security Program effective July 2019.
Law Enforcement
Timely access to reliable information is key for LEOs, from patrolmen to major crimes investigators, to catch lawbreakers, perform background checks and track criminal activity.
To safeguard this data, the FBI requires agencies to implement security requirements to prevent unauthorized access or changes.
Failure to comply can cost agencies their access to this data, endangering lives.
MS-ISAC and FBI Infra-Gard member
Legal
E-Discovery, HIPAA, PCI
Law firms store and process some of the most intimate details of their client's personal and professional lives.
These firms are ethically bound to maintain Attorney-Client Privilege and should adhere to the same security standards as their client's industry regulations.
Manufacturing
Operational Technology, also now referred to Internet of Things (IoT), is often overlooked for corporate IT.
When SCADA networks go down, operations come to a halt, and companies lose money.
Air gapping systems is no longer a reliable measure. A multi-layered approach to security is now required.
Non-Profit
Client & Donor Privacy, HIPAA, PCI
Your purpose is to do good within your community. Unfortunately, there are those with less altruistic motives.
A data breach within a Non-Profit can not only negatively impact those you serve, it can also deter confidence in the donors whose support makes your organization possible.
Together SC Business Ally
Publicly Traded Companies
SOX
Enacted in 2002 in response to Enron and other financial scandals, Sarbanes-Oxley (SOX) is a requirement for all publicly traded companies within the United States.
Affiliates of these companies are also finding themselves responsible to meeting the requirements set forth in the legislation.
Failing to comply with this legislation can result in company executives facing personal liability, to include fines, imprisonment, or both.
Real Estate
NAR Data Security & Privacy
DHS CI-Commercial Facilities
The purchase of a new home can be one of the most memorable moments in a family's life.
A compromised Email account can lead to stolen blueprints, redirected funds, and client's personal information.
Retail
80% of organizations fail PCI Audits.
If you capture, process, transmit or store:
Account numbers;
Card expiration dates;
Cardholder names; and
Card Verification Values (CVVs)
you must take steps to safeguard this sensitive payment data.
Failure to do so means you're subject to the following:
Risk of credit card fraud within your store;
Hefty fees and penalties for noncompliance;
Potential litigation and legal expenses; and
Diminished consumer confidence in your business
The fines for non-compliance aren’t small change, they range between $5,000 to $100,000 PER MONTH until compliance is reached.
Public Works & Utilities
Operational Technology, also now referred to Internet of Things (IoT), is often overlooked for corporate IT.
When SCADA networks go down, operations come to a halt, and communities lose power and water.
Air gapping systems is no longer a reliable measure. A multi-layered approach to security is now required.
