Questions About Our IT Consultancy?

Technology improves business productivity by enabling collaboration, communication, and knowledge sharing, which in turn allow employees to innovate and be productive. However, true productivity and business benefits can only be achieved when this complex technology is well planned, implemented and maintained. When you choose an IT consulting service, you do not hire one person; you hire an entire company with in-depth knowledge of the business's needs and requirements.
The work and experience of IT consultation services will help you choose and implement the most innovative technological advancements that will give you a competitive advantage.

As an organization focused on the safe and effective use of information technologies and cyber security, we provide:

  • Data Collection, Organization, Analyses, and Protection
  • Risk Identification, Mitigation and Management Plans and Execution
  • Technology Environment and Vulnerability Assessment and Testing
  • Intrusion, Virus and Malware detection
  • Security Information and Event Management (SIEM)
  • Security Framework Adoption (HIPAA, PCI-DSS, NIST & ISO)
  • Firewall Configuration and Monitoring
  • Network, Server and Storage Design and Administration
  • Advanced Active Directory Administration
  • Cloud, Hybrid or On-premises Virtualization
  • E-commerce Setup and Configuration
  • Unified Communications and VoIP Management Solutions
  • Email Protection, Security and Configuration
  • Cyber Security Employee Education and Training
  • Project Management (Migrations, Upgrades, & New Setups)
  • Virtual and Consulting Cyber Security Officers

As an organization we have deep experience working with clients across virtually all types of organizations, including:

  • Retail
  • E-commerce
  • Healthcare
  • Medical Device
  • Manufacturing
  • Supply Chain

The Lyon Company has over 20 years of experience in the IT field and brings together highly qualified and dedicated professionals. Our team of consultants helps small and medium-sized organizations and companies improve and optimize their work and service. We build strategies that suit our clients’ needs and will lead to better performance and higher leverage. Our company will not only suggest the right technologies and strategy for your enterprise but also help you implement them. We always follow the latest best practices and use up-to-date technologies that help businesses in different industries grow, enhance their performance, stay competitive, and bring better results for the organization.
The Lyon Company is there to supplement your in-house staff, not replace it. The Lyon Company Team can help with the needs assessment, research the products and services needed to meet those goals, and do the heavy lifting of implementing those products and services. The Lyon Company is there to help with the projects that you either do not have the time to do or that fall outside your comfort level.


Questions About Cyber Security?

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.
The HIPAA Security Rule requires covered entities to implement technical safeguards to protect all electronic protected health information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, and auditing and monitoring of ePHI. The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009, expands the HIPAA encryption compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records, including those by business associates, vendors and related entities. The “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.
PCI DSS is a “framework for a robust payment card data security process.” Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data, with varying degrees of security requirements based on the number of credit cards processed.

Any organization that handles CUI data and does business with the Department of Defense (DoD), either as a prime or subcontractor, is required to comply with Defense Federal Acquisition Regulations Supplement (DFARS) clause 252.204-7012 (Safeguarding Unclassified Controlled Technical Information) as of December 2017. Compliance with NIST SP 800-171 satisfies the DFARS clause requirement.

Full compliance with NIST SP 800-171 requires creation and maintenance of the following documentation (also known as artifacts): System Security Plan (SSP), and Plan of Action and Milestones (POA&M).

The SSP illustrates your CUI system environment (to include system description, system environment diagram, and full hardware/software inventory) and details how thoroughly your organization currently implements each of the 110 required security controls contained within Chapter Three of NIST SP 800-171.

The POA&M contains a list of all security controls that are not fully implemented within your CUI system environment and includes both associated fix actions and estimated completion dates.

Following initial creation, the SSP must be reviewed and updated at least annually to maintain compliance. Further, the POA&M should be updated both quarterly to record progress made towards control implementation and annually when updating the SSP.

The NAIC Insurance Data Security Model Law, adopted in the fourth quarter of 2017, requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program; investigate any cybersecurity events; and notify the state insurance commissioner of such events. If the Licensee learns that a Cybersecurity Event has or may have occurred, the Licensee, or an outside vendor and/or service provider designated to act on behalf of the Licensee, shall conduct a prompt investigation.

The latest cybersecurity threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services. These evolving threats include:

  • Malware
  • Ransomware
  • Phishing / Social Engineering
  • Insider Threats
  • Distributed Denial-Of-Service (DDoS) Attacks
  • Advanced Persistent Threats (APTs)
  • Man-In-The-Middle Attacks

Governments around the globe have enacted data breach disclosure laws that require notification following the loss of personal information. They vary by jurisdiction, but almost universally include a “safe harbor” clause, which means that if the stolen data is undecipherable and meaningless to whoever steals it, the breached organization does not need to report the breach. Consequently, data-centric protection, such as encryption, is considered best practice, because it renders data meaningless without the keys to decrypt or de-tokenize it.

  • Encryption of personal data wherever it resides, including file systems, databases, web repositories, cloud environments, big data environments and virtualization implementations.
  • Policy-based access controls to assure that only authorized accounts and processes can see the data.
  • Monitoring of authorized accounts accessing data, to ensure that these accounts have not been compromised.
  • Implementing a Zero-Trust security model.


Questions About IT Infrastructure?

The term IT infrastructure is defined as a combined set of hardware, software, network, facilities and related technologies used to develop, test, deliver, monitor, control or support IT services. This can be broken into seven key components: Switching, Routers, Firewalls, Servers, Physical Plant, People, and Server Rooms/Data Center.
Cloud infrastructure services are relatively new options that allow businesses to rent software, infrastructure, services and human resources from external vendors who deliver them over the internet as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
Modern IT infrastructure is a stack of next-generation technology and services utilized to develop IT environments that are highly flexible, scalable and agile. The dynamic, diverse, and elastic modern IT infrastructure enables organizations to consistently deliver highly optimized user experiences by leveraging multi-cloud and hybrid cloud deployments, containerized workloads and serverless computing.
Yes, planned properly and done right the first time, structured cabling will provide the flexibility to grow, troubleshoot, and improve resiliency.
Whether it is simple or complex, our team has the specific skill sets and expertise. From firewalls, to servers, to connecting different offices, we can help lead you down the right path.


Questions About IT Strategic Advisory & Planning?

An IT strategy plan is a guiding document for a company’s IT organization. It defines the overall goals, the strategies that support those goals, and the tactics that are needed to execute those strategies. Each section of the IT strategy plan focuses on one strategy and describes specific activities needed to implement that strategy. Think of it as a high-level project plan for realizing a strategy.
The plan is like a large schedule to address all gaps between the current state of IT and meeting best practices. It will address all initiatives that lead to business outcomes and goals. The IT strategy plan must be aligned with, and support, the company’s overall business vision.
Technology naturally evolves over time, constantly providing opportunities to provide better, faster, cheaper service. When reviewing IT strategy examples, technology should take center stage considering its role in IT.
Our IT consultants follow proven processes that are matched to industry best practices for quality results, so we can keep scope creep to a minimum and keep your projects on budget.
The security of your systems is our top priority. We realize that security is of paramount concern, and our team is adept at ensuring your data and your systems are safe.