Key Player

The Vice President of Information Systems for a specialty product manufacturer.

Business Issue

This family-owned business had been very successful throughout the years without the rigors and formality of many businesses. This created a company culture that believed their risk of cybersecurity attacks was quite low, despite the uptick all around the country in a wide variety of industries. When the organization experienced a cyber-attack, they were not prepared. There were no security processes in place and the staff had a limited understanding of security controls. Recent phishing emails resulted in user credentials being stolen in order to siphon money from health savings accounts.


The SVA Process

SVA Consulting functioned as a virtual Chief Information and Security Officer (CISO). In that role, they performed a risk assessment, led privacy and security leadership discussions to formulate a new direction on cybersecurity, created operational procedures for dealing with cyber incidents, trained staff on the appropriate reaction to breaches and introduced formal reporting metrics for measuring success.

Business Outcome

Albeit SVA cannot prevent 100% of cybersecurity attacks, the strategies and tactics put in to place were the catalyst to addressing the latest phishing scam, which was reported and addressed within just a few hours of discovery, with no loss of data. The IT staff now has a playbook they follow that guides them through the process from discovery to eradication. The formal SVA security training raised awareness within the organization and created a self-initiated process, which prepares IT to react swiftly and correctly when hit with a future cybersecurity event.


Want more information?

See our case studies and how we’ve helped others just like you


Virtual Chief Information and Security Officer For a Healthcare Company


Payment Card Industry Risk Assessment For a Not-For-Profit Organization


Virtual Chief Information and Security Officer For a Specialty Product Manufacturer


Cyber Incident Management For a Healthcare Company