Partner Spotlight: CyRAACS

All postsarrow
Partner Spotlight: CyRAACS

This post is part of our Partner Spotlight Series, where we let our partners describe their companies, backgrounds, and experience with LogicGate. This month we chatted with CyRAACS consulting, a LogicGate partner since 2018.

Can you provide an overview of your company and how you work with your clients? 

CyRAACS is a cyber risk advisory and consulting services organization, part of the Value Point group of companies. We offer a range of services across information security, cyber security, risk management and privacy. Cloud Security, Business Continuity & Disaster Recovery Management, GDPR Compliance, Information Security Maturity Model Assessment, RBI IT Directives Compliance etc. are few of our signature service offerings. Our approach to business transformation is results-focused with key emphasis on customer delight, high performance culture and integrity. We go beyond traditional consulting, our industry experience, customer focus and innovation help us deliver unprecedented business results.

What sets you apart from other companies in your field?

CyRAACS was founded by a group of global CISOs and industry veterans in the information security space. CyRAACS has an experienced team of hands-on practitioners with deep domain expertise in Banking and Financial sectors along with Governance, Risk and Compliance Certifications like CISA, CBCP, CISSP, CISM, ITIL, CRISC etc, and many OEM specific certifications. We have a focussed approach in improving organizations Information Security posture, and creating long term sustainable business value. CRAACS believes in automation of GRC as one of the key differentiator.

How do you see client needs evolving over the next year? Next 3 years?

CyRAACS currently operates in two geographies - India and North America. Regulatory space in Cyber Security in India has changed significantly in the last couple of years and has opened up huge opportunities for companies like CyRAACS to penetrate in providing services. Also, with Qualified Security Assessor (QSA) for PCI being a significant focus for CyRAACS, we intend to deliver the entire PCI stack through LogicGate.

What trends have you noticed in the IT Risk or Cyber Security industry in the last few years?

The regulatory arm is tightening privacy across all geographies - GDPR in Europe, PIPEDA in Canada, California Consumer Privacy Act of 2018 (CCPA) in US, Shri Krishna recommendations for Data Protection Laws in India and many more which opens a wide space for cyber security specialists to assist companies adhere to the regulations and manage privacy risks in alignment with the best practices. 

Also, Industry specific Cybersecurity guidelines have been made stronger like Federal Financial Institutions Examination Council (FFIEC) - US, Consumer Financial Protection Bureau (CFPB) – US, Reserve Bank of India (RBI) -India, Insurance Regulatory and Development Authority (IRDA) - India, Healthcare, (HIPAA, HITRUST) Payments and E-Commerce.

What is the greatest pitfall you see people face when tackling Cyber Security processes?

The People-Process-Technology triage has to be equally weighted and appropriate measures have to be taken to make sure dis-proportionate emphasis in technology is avoided. Many large technology implementations like Identity and Access Management (IdAM), data leakage prevention have not been successful because of lack of process driven approach. With skills becoming scarce, it is important for companies to choose the right partner who can support the customer in their journey earnestly.

What is the best advice you would give someone who is charged with leading a new  InfoSec program or IT process deployment?

Organizations should adopt the best in class frameworks for their cyber security and should not implement for the sake of compliance but to alleviate the risk. At minimum, organizations should make sure they are compliant continuous basis.

In your opinion, where should someone start when creating an InfoSec program?

Make sure to build a comprehensive risk register and then build your controls environment in accordance to your risk appetite.

In your experience, how have your clients fostered executive awareness or support for investment in their program (for services or technology investment)? Do you think this is always necessary?

Yes, it is always necessary and we have seen this growing in all our discussions with our clients. It is one of the top-2 agenda in board discussions.

Why did you select LogicGate as a trusted partner?

LogicGate is simple, intuitive, elegant, and easy to implement. It is user-friendly from both the configuration and end user perspective. With lot of API integrations, LogicGate provides a wide array of functionalities to be worked for GRC solutions.

Subscribe to Our Newsletter, LogicGate Insights. 




arrowAll posts

Related Posts

View all postsarrow