Information Security


With more government business conducted electronically, state and local agencies face rising threats and privacy concerns.  The risk of data being compromised is greater than ever and can lead to huge liabilities, hefty fines, and bad press.  Security for mission-critical applications involving tax information, medical records, electronic prescriptions, and other private and sensitive data is critical.

At NYSTEC, we understand that information security is a process that must be built in, not bolted on.  Security must address threats with multiple layers of controls.  It must be a continuous effort encompassing policy, process, procedure, education, monitoring, and enforcement.

Thanks to our in-depth experience with federal and state regulations and policies, NYSTEC is uniquely positioned to help you develop a layered security strategy that will increase the integrity, confidentiality, and availability of your IT systems.

Brief Remarks, NYS Senator Griffo and NYSTEC CEO, at a Central NY Cybersecurity Roundtable.

At a roundtable discussion with leaders from government, public safety, banking, and business on Cybersecurity: remarks provided by NYS District 47 Senator Joseph Griffo and NYSTEC President & CEO Mike Walsh.

Our Information Security Offerings

HIPAA Risk Assessment

Cross-Industry Support

  • Business Continuity/Disaster Recovery
  • Cloud Security Assessment
  • Application Mobile Security
  • Data Classification
  • Federal Information Security Management Assessment
  • Identity & Access Management
  • Information Security Policy Development
  • Risk Management
  • Security Architecture Design

Security Framework Consulting, Compliance, Assessment and Development Services

  • NIST 800-53/Federal Information Security Management Act (FISMA) and ISO 27001
  • Centers for Medicare and Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges (MARS-E)

Security Services- Compliance, Assessment and Remediation Services

  • Security Architecture Design
  • Procurement, IV&V, and Vendor Oversight
  • Business Impact Analysis (BIA)
  • Business Continuity and Disaster Recovery
  • Identity and Access Management
  • Vulnerability Scanning
  • Penetration Testing
  • Social Engineering
  • Asset Inventory and Data Classification Development
  • Risk Assessments
  • Security Enhancement/Action Plan Development
  • Cloud Security Assessments
  • Application Security Assessments
  • Mobile Device Security Assessments
  • Security Awareness Training

Security Governance (Local, State, Federal and Private Sector)

  • Security Policies & Procedure Development
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry standard (PCI)
  • Sarbanes-Oxley (SOX)

Case Study

Our Information Security Clients

For more than 20 years, we have been helping agencies, organizations, institutions, and businesses with their information security concerns—working with them to improve their security posture and keep their data safe and secure.

Contract with NYSTEC

Whether it’s via our OGS centralized contract, DOB Business Transformation, NYC Citywide QC-3, PBITS, FISA Security Assessment, ITS74 or MBTA Blanket Consulting, we’re ready to contract with you.