FAQ

Questions About Our IT Consultancy?

Why Enterprise IT Consulting Services Are Necessary for Businesses?

Technology helps in improving business productivity by allowing collaboration, communication, and knowledge sharing which would enable employees to innovate and be productive. Moreover, true productivity and business benefits can only be achieved when this complex technology is well planned, implemented and maintained. When you choose an IT consulting service, you do not hire one person, but you hire an entire company which is having in-depth knowledge about the businesses needs & requirements.

Who Are IT Consultants and What Do They Do?

The work and experience of IT consultation services will help you choose and implement the most innovative technological advancements that will give you a competitive advantage.

What IT Consulting Services Do We Offer?

As an organization focused on the safe and effective use of information technologies and cyber security, we provide:

Data Collection, Organization, Analyses, and Protection
Risk Identification, Mitigation and Management Plans and Execution
Technology Environment and Vulnerability Assessment and Testing
Intrusion, Virus and Malware detection
Security Identification Event Management (SIEM)
Security Framework Adoption (HIPAA, PCI-DSS, NIST & ISO)
Firewall Configuration and Monitoring
Network, Server and Storage Design and Administration
Advanced Active Directory Administration
Cloud, Hybrid or On-premises Virtualization
E-commerce Setup and Configuration
Unified Communications and VoIP Management Solutions
Email Protection, Security and Configuration
Cyber Security Employee Education and Training
Project Management (Migrations, Upgrades, & New Setups)
Virtual and Consulting Cyber Security Officers

What Industries Does The Lyon Company Support and Have Experience With?

As an organization we have deep experience working with clients across virtually all types of organizations, including:

Retail
E-commerce
Healthcare
Medical Device
Manufacturing
Supply Chain

Why Choose Our IT Consulting Company?

The Lyon Company has over 20 years of experience in the IT field and brings together highly-qualified and dedicated professionals. Our team of consultants helps organizations and companies of small and medium-size to improve and optimize their work and service. We build strategies that suit our clients’ needs and will lead to better performance and higher leverage. Our company will not only suggest the right technologies and strategy for your enterprise but also help you implement them. We always follow the latest best practices and use up-to-date technologies, that help business in different industries to grow, enhance their performance, stay competitive, and bring better results for the organization.

Does The Lyon Company Replace In-House IT Staff?

The Lyon Company is there to supplement your in-house staff, not replace it. The Lyon Company Team can help with the needs assessment, do the research on the products and services needs to meet those goals, and to do the heavy lifting with the implementation of those products and services. The Lyon Company is there to help with those projects that you either do not have the time to do or do not quite feel is in your comfort level.

Questions About Cyber Security?

What is Cybersecurity?

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.

What is HIPAA HITECH?

The HIPAA Security Rule requires covered entities to implement technical safeguards to protect all electronic protected healthcare information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information. Health Information Technology for Economic and Clinical Health (HITECH) Act, Enacted as a part of the American Recovery and Reinvestment Act (ARRA) of 2009, the HITECH Act expands the HIPAA encryption compliance requirement set, requiring the disclosure of data breaches of “unprotected” (un-encrypted) personal health records, including those by business associates, vendors and related entities. The “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.

What is PCI DSS?

PCI DSS is a “framework for a robust payment card data security process.” Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data with varying degrees of security requirements based on the number of credit cards processes.

Does Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Apply to my Orgainization?

Any organization that handles CUI data and does business with the Department of Defense (Do) (either as a prime or subcontractor) are required to comply with Defense Federal Acquisition Regulations Supplement (DFARS) clause 252.204.7012 (Safeguarding Unclassified Controlled Technical Information) as of December 2017. Compliance with NIST SP 800-171 satisfies the DFARS clause requirement.

Full compliance with NIST SP 800-171 requires creation and maintenance of the following documentation (also known as artifacts): System Security Plan (SSP), and Plan of Action and Milestones (POA&M).

The SSP illustrates your CUI system environment (to include system description, system environment diagram, and full hardware/software inventory) and details how thoroughly your organization currently implements each of the 110 required security controls contained within Chapter Three of NIST SP 800-171.

The POA&M contains a list of all security controls that are not fully implemented within your CUI system environment and includes both associated fix actions and estimated completion dates.

Following initial creation, the SSP must be reviewed and updated at least annually to maintain compliance. Further, the POA&M should be updated both quarterly to record progress made towards control implementation and annually when updating the SSP.

Why Do I Need To Worry About Data Security If I Have Insurance?

NAIC Insurance Data Security Model Law Compliance Adopted in the fourth quarter of 2017 requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program; investigate any cybersecurity events; and notify the state insurance commissioner of such events. If the Licensee learns that a Cybersecurity Event has or may have occurred the Licensee or an outside vendor and/or service provider designated to act on behalf of the Licensee, shall conduct a prompt investigation.

What Are The Common Cybersecurity Risks?

The latest cybersecurity threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services. These evolving threats include:

Malware
Ransomware
Phishing / Social Engineering
Insider Threats
Distributed Denial-Of-Service (DDoS) Attacks
Advanced Persistent Threats (APTs)
Man-In-The-Middle Attacks

What Are Data Breach Notification Requirements?

Data breach disclosure law notification requirements following loss of personal information have been enacted by governments around the globe. They vary by jurisdiction, but almost universally include a “safe harbor” clause, which means that if the stolen data is undecipherable and meaningless to whomever steals it, the breached organization does not need to report the breach. Consequently, data-centric protection, such as encryption, is considered best practice, because it renders data meaningless without the keys to decrypt or de-tokenize it.

What is The Best Practice For Data Security?

Encryption of personal data wherever it resides – including file systems databases, web repositories, cloud environments, big data environments and virtualization implementations. Policy-based access controls to assure that only authorized accounts and processes can see the data. Monitoring of authorized accounts accessing data, to ensure that these accounts have not been compromised. Implementing Zero-Trust security model.

Questions About IT Infrastructure?

What is IT Infrastructure?

The term IT infrastructure is defined as a combined set of hardware, software, network, facilities and related technologies used to develop, test, deliver, monitor, control or support it. This can be broken into seven key components - Switching, Routers, Firewalls, Servers, Physical Plant, People, and Server Rooms/Data Center.

What is Cloud Infrastructure?

Cloud infrastructure services are relatively new options that allow businesses to rent software, infrastructure, services and human resources from external vendors who will deliver them using the internet, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

What is a Modern IT Infrastructure?

Modern IT infrastructure is a stack of next-generation technology and services utilized to develop IT environments that are highly flexible, scalable and agile. The dynamic, diverse, and elastic modern IT infrastructure enables organizations to consistently deliver highly optimized user experiences by leveraging multi-cloud and hybrid cloud deployments, containerized workloads and server-less computing.

Does The Lyon Company Do Structured Cabling?

Yes, planned properly and done right the first time, structured cabling will provide the flexibility to grow, troubleshoot, and improve resiliency.

Why Choose Our IT Consulting Company?

Whether it is simple or complex our team has the specific skill-sets and expertise. From firewalls, to servers, to connecting different offices, we can help lead you down the right path.

Questions About IT Strategic Advisory & Planning?

What Is An IT Strategy Plan?

An IT strategy plan is a guiding document for a company’s IT organization. It defines the overall goals, the strategies that support those goals, and the tactics that are needed to execute those strategies. Each section of the IT strategy plan focuses on one strategy and describes specific activities needed to implement that strategy. Think of it as a high-level project plan for realizing a strategy.

What Is The Difference Between IT Strategy Plan vs An Actual IT Strategy?

The plan is like a large schedule to address all gaps between the current state of IT and meeting best practices. It will address all initiatives that lead to business outcomes and goals. The IT strategy plan must be aligned with, and support, the company’s overall business vision.

What Is An Technology Road-map?

Technology naturally evolves over time, constantly providing opportunities to provide better, faster, cheaper service. When reviewing IT strategy examples, technology should take center stage considering its role in IT.

What Are the Benefits of IT Project Management?

Our IT consultants follow proven processes that are matched to industry best practices for quality results, we can keep scope creep to a minimum and keep your projects on budget.

Does The Lyon Company Have Experience with Large Complex Projects That Have To Meet Strict Compliance Standards?

The security of your systems is our top priority. We realize that security is of optimal concern, and our team is adept at ensuring your data and your systems are safe.