// A data privacy and protection firm //

specializing in cybersecurity risk management
AND NETWORK INFORMATION SECURITY

NIST Cybersecurity Risk Assessments
IT Risk Assessments
Internal Control Assessments
Cybersecurity Risk Assessments
Penetration Testing
Document Policies & Procedures
Security Awareness Training
Regulatory Compliance
vCISO
Vendor Management
Technology Resource Assessment
Let us help
Image of a globe
Governance Risk & Compliance
Policies & Procedures
Risk Assessment & Gap Analysis
Penetration Testing
Virtual CISO
IT Third Party Assessments
Security & Awareness Training
//INDUSTRIES WE SERVE

Accounting Firms

Defense Contractors

Financial Services

Fire Districts

Government / Townships / Municipalities

Healthcare / Medical Offices

Insurance Brokers

K-12 Education

Legal / Law Firms

Libraries

Manufacturing

Unions

01010011 01110100 01100101 01110100 01110011 01101111 01101110 00100000 01000011 01111001 01100010 01100101 01110010 01100111 01110010 01101111 01110101 01110000 00100000 01100001 01110000 01110000 01110010 01101111 01100001 01100011 01101000 01100101 01110011 00100000 01100011 01111001 01100010 01100101 01110010 01110011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01101000 01101111 01101100 01101001 01110011 01110100 01101001 01100011 01100001 01101100 01101100 01111001 00101100 00100000 01100101 01101110 01100111 01100001 01100111 01101001 01101110 01100111 00100000 01110000 01100101 01101111 01110000 01101100 01100101 00101100 00100000 01110000 01110010 01101111 01100011 01100101 01110011 01110011 01100101 01110011 00101100 00100000 01100001 01101110 01100100 00100000 01110100 01100101 01100011 01101000 01101110 01101111 01101100 01101111 01100111 01101001 01100101 01110011 00101110 00100000 01010011 01110100 01100101 01110100 01110011 01101111 01101110 10000000011001 01110011 00100000 01110100 01100101 01100001 01101101 00100000 01101111 01100110 00100000 01110000 01110010 01101111 01100110 01100101 01110011 01110011 01101001 01101111 01101110 01100001 01101100 01110011 00100000 01100011 01101111 01101110 01110011 01101001 01110011 01110100 01110011 00100000 01101111 01100110 00100000 01101001 01101110 01100100 01110101 01110011 01110100 01110010 01111001 00100000 01100101 01111000 01110000 01100101 01110010 01110100 01110011 00100000 01101001 01101110 00100000 01100001 01101100 01101100 00100000 01100011 01111001 01100010 01100101 01110010 01110011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01110000 01101000 01100001 01110011 01100101 01110011 00101100 00100000 01100110 01110010 01101111 01101101 00100000 01101001 01100100 01100101 01101110 01110100 01101001 01100110 01101001 01100011 01100001 01110100 01101001 01101111 01101110 00100000 01110100 01101111 00100000 01110010 01100101 01100011 01101111 01110110 01100101 01110010 01111001 00101100 00100000 01100001 01101110 01100100 00100000 01100001 01110010 01100101 00100000 01110010 01100101 01100001 01100100 01111001 00100000 01110100 01101111 00100000 01100001 01110011 01110011 01101001 01110011 01110100 00100000 01111001 01101111 01110101 01110010 00100000 01101111 01110010 01100111 01100001 01101110 01101001 01111010 01100001 01110100 01101001 01101111 01101110 00101110 00100000 01010111 01100101 00100000 01100001 01110010 01100101 00100000 01100101 01111000 01110000 01100101 01110010 01101001 01100101 01101110 01100011 01100101 01100100 00100000 01100001 01101110 01100100 00100000 01110000 01110010 01101111 01100110 01101001 01100011 01101001 01100101 01101110 01110100 00100000 01110010 01101001 01110011 01101011 00100000 01100001 01110011 01110011 01100101 01110011 01110011 01101111 01110010 01110011 00101100 00100000 01100101 01110100 01101000 01101001 01100011 01100001 01101100 00100000 01101000 01100001 01100011 01101011 01100101 01110010 01110011 00101111 01110000 01100101 01101110 01100101 01110100 01110010 01100001 01110100 01101001 01101111 01101110 00100000 01110100 01100101 01110011 01110100 01100101 01110010 01110011 00101100 00100000 01100011 01100101 01110010 01110100 01101001 01100110 01101001 01100101 01100100 00100000 01100001 01110101 01100100 01101001 01110100 01101111 01110010 01110011 00101100 00100000 01001110 01001001 01010011 01010100 00100000 01000110 01110010 01100001 01101101 01100101 01110111 01101111 01110010 01101011 00100000 01110011 01110000 01100101 01100011 01101001 01100001 01101100 01101001 01110011 01110100 01110011 00101100 00100000 01000011 01001101 01001101 01000011 00100000 01010000 01110010 01101111 01100110 01100101 01110011 01110011 01101001 01101111 01101110 01100001 01101100 01110011 00101100 00100000 01110000 01101111 01101100 01101001 01100011 01111001 00100000 01110111 01110010 01101001 01110100 01100101 01110010 01110011 00101100 00100000 01100110 01101111 01110010 01100101 01101110 01110011 01101001 01100011 00100000 01100101 01111000 01100001 01101101 01101001 01101110 01100101 01110010 01110011 00101100 00100000 01100001 01101110 01100100 00100000 01101001 01101110 01100011 01101001 01100100 01100101 01101110 01110100 00100000 01110010 01100101 01110011 01110000 01101111 01101110 01100100 01100101 01110010 01110011 00100000 01110010 01100101 01100001 01100100 01111001 00100000 01110100 01101111 00100000 01100001 01110011 01110011 01101001 01110011 01110100 00100000 01110111 01101001 01110100 01101000 00100000 01100001 01101100 01101100 00100000 01111001 01101111 01110101 01110010 00100000 01100011 01111001 01100010 01100101 01110010 01110011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01101110 01100101 01100101 01100100 01110011 00100000 01100001 01101110 01100100 00100000 01110000 01110010 01100101 01110000 01100001 01110010 01100101 00100000 01101111 01110101 01110010 00100000 01100010 01110101 01110011 01101001 01101110 01100101 01110011 01110011 00100000 01110000 01100001 01110010 01110100 01101110 01100101 01110010 01110011 00100000 01100110 01101111 01110010 00100000 01101100 01101111 01101110 01100111 00101101 01110100 01100101 01110010 01101101 00100000 01110011 01110101 01100011 01100011 01100101 01110011 01110011 00101110
//About
Stetson Cybergroup approaches cybersecurity holistically, engaging people, processes, and technologies. Stetson’s team of professionals consists of industry experts in all cybersecurity phases, from governance to recovery, and are ready to assist your organization. We are experienced and proficient risk assessors, ethical hackers/penetration testers, certified auditors, NIST Framework specialists, regulation compliance professionals, policy writers, and incident responders ready to assist with all your cybersecurity needs and prepare our business partners for long-term success.
//Services

Keeping your information and data safe one step at a time.

Let us help
//IDENTIFY, ASSESS, PRIORITIZE & MANAGE RISKS

Risk Assessment

To effectively manage risk, it's critical to identify all assets, data, and processes in your organization. You cannot protect what you don’t know you have. From outdated operating systems to being in a high flooding area to identifying financial, operational, technology, and reputational risks, cybersecurity, information security, and fraud risk assessments will identify, assess, and prioritize the risk affecting most critical functions of your company so they can be managed effectively.

//SEE WHAT’S MISSING

Gap Analysis

After a risk assessment you will know your critical infrastructure and each associated risk. A Gap Analysis will identify whether there are adequate controls implemented to address the risks and determine whether they stack up to regulations and best practices. Performing a Gap Analysis on your organization lets you know where you stand, identifies areas requiring improvement to the overall security posture of your organization, and what controls are missing.

//TEST YOUR CONTROLS

Internal Control Assessments

After a Gap Analysis, you will know what internal controls to put in place. Once those controls are implemented, are they consistently being followed? Does each employee know the policies and procedures put in place? An Internal Controls Assessment will test the controls and make sure they are effectively protecting the organization.

//TEST YOUR INFRASTRUCTURE

Penetration Testing

After the IT Audit provides the assessment of whether your policies and procedures are enforced and effective, you should perform penetration testing to determine how well the technology works. A Penetration-Test will test for weaknesses and vulnerabilities in your network and throughout the organization. From testing social engineering to physical access, a Penetration-Test will bring all weaknesses out of the shadows.

//ALIGN STRATEGY WITH COMPLIANCE GOALS

Governance Risk and Compliance

Governance, Risk, and Compliance (GRC) is a structured way to align technology with business goals while managing risks and meeting all industry and government regulations. GRC includes tools and processes to unify an organization's governance and risk management with its technological innovation and adoption. Companies use GRC to achieve organizational goals reliably, remove uncertainty, and meet compliance requirements.

//a system of guidelines

Document Policies and Procedures

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.

//KNOWLEDGE IS THE BEST DEFENSE

Security & Awareness Training

When your organization needs to establish a training program to meet regulatory compliance and is ready to establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise, we can provide customized live in-person or remote training to meet all your training needs.

//NAVIGATE COMPLEX REGULATIONS EFFORTLESSLY

Regulatory Compliance

Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.

//BUILD AND MAINTAIN

Virtual CISO (vCISO) Services

Stetson's team of Certified Chief Information Security Officers adds experience and knowledge to your organization without the cost of an additional full-time cybersecurity employee. Stetson's team is available for monthly and quarterly programs to assess and develop your cybersecurity program starting with governance, understanding the business mission, stakeholders, risks to your business units, technologies, and regulatory requirements.

//Manage Your Third-Party Risk

Vendor Management

As a partner, Stetson will assist your organization develop a program to:

  • Identify, classify, and risk-rank your vendors / third-party providers.
  • Perform onboarding and continuous assessments to identify vendor / third-party risk to the data, information, and/or people.
  • Hold vendors / third-parties accountable for maintaining their own internal controls over the security of your organization.
"Brian and his team at Stetson Cybergroup performed an extensive internal and external penetration test for the Hauppauge UFSD. The testing process helped the district understand the vulnerabilities within our infrastructure. The report was thorough and included supportive remediation directives for the vulnerabilities found. All through the penetration test, all high and critical issues found issues were presented to our team for immediate resolution. I highly recommend using Stetson Cybergroup for your cybersecurity needs. Hauppauge UFSD expectations were met and exceeded."

Dr. Donald B. Murphy, Asst. Superintendent

Hauppauge Public Schools

"We, at Mid Island Group, are completely confident in the work provided by Stetson Cybergroup which allows us to run our day‐to‐day operations without having to be overly concerned about our protection from cyber risks. Their experienced team remains updated in the knowledge of all areas of cybersecurity, have shown a great commitment to protecting our company, and are always available for our questions and needs. We highly recommend Stetson Cybergroup for any, or all, of an organization’s cybersecurity protection requirements."

Robert Russo, President

The Mid Island Group USA LLC

"A contributing factor to our growth and success has been the outstanding service we have received from key technical consultants over the years. Perhaps the most valuable trusted adviser has been Mr. Brian Busto and his firm, Stetson Cybergroup. For close to twenty-five years, Brian's technical proficiency, vision and passion for excellent client service has enabled our firm to continually remain on the cutting edge of technological developments, which is paramount for a public accounting firm. His knowledge of information technology in our marketplace is unparalleled and he is highly regarded as one of the leaders in his field on Long Island."

Michael Nawrocki, Founding Partner

Nawrocki Smith LLP

"I am completely confident in the quality and scope of work provided by Mr. Busto and his technology company, Stetson. Through his continued performance, outstanding knowledge of technology, constant quest to strengthen his services by staying current with the needs of his clients and current practices, dedication and commitment to excellence and loyalty to his customers, Mr. Busto has proven to be an asset to our organization and the public school districts."

George L Duffy, Executive Director/CEO

SCOPE Education Services

"Stetson's professionals provided prompt, expert and thorough consulting, guiding BTSA staff and myself through the various topics and processes we needed to obtain the MEL's approval for the stringent Tier 3 cybersecurity requirements. Along the way Stetson made recommendations on the administrative side as well, assisting us with drafting various plans and policies necessary to form a complete cyber security approach for the Authority's needs. As a small government agency, finding cybersecurity consultants has been a challenge. Stetson's services covered all our needs, we're very good to work with, and I am happy to provide this reference."

Thomas Timko, Director

Bernard’s Township Sewer Authority

"Every year Stetson Cybergroup formally reviews our current policies and procedures to reflect all requirements of NY CRR 500 are updated.  This includes that all of our employees are formally trained, and any new vendors follow security protocols.   We do a PEN test to secure networks & endpoint from internal and external attempts.  Joe H. from Stetson assists us in every way possible to gather data and is a pleasure to work with."

Beth-Ann Tolentino
Premier Benefit Plans, Inc.

"We have worked with Stetson Cybergroup on a number of projects, and have attended many of the informational events they host.  Stetson is an expert in cybersecurity, helping companies establish processes and procedures to keep data safe."

David Faverio, President
Pupfish Sustainability Solutions

"Stetson was professional and efficient in providing the services needed to complete my requirements."

Herbert Klibanoff, P.C.

"The Stetson team is extremely knowledgeable and I enjoy working with them. I have also attended multiple events that they have spoken at and have always learned something new!"

Kelli-Anne Cerini
Cerini & Associates, LLP

"Professional, knowledgeable staff.  Have worked with them for many years and have always been completely satisfied."

Barbara Hurleigh

"Stetson enabled us to meet the Cybersecurity regulations required for our industry. Joseph Horowitz was professional and efficient in providing the services needed to complete our program. It was a pleasure working with him."

Keith Merkler, Senior Vice President
Pilot R/B

Previous arrow
Next arrow icon
See all reviews on Google

Blog Posts

View all
view current blog post
Tips

VENDOR MANAGEMENT

As Seen in Cerini & Associates Lesson Plan Volume 32 (Spring 2025)
Joe Horowitz
March 28, 2025
view current blog post
Tips

The Importance of Tabletop Exercises

The Importance of Tabletop Exercises
Brian Busto
February 6, 2024
view current blog post
Tips

Asset Management

The importance of Asset Management
Brian Busto
January 31, 2024
View all

Resources

Internet flyer that says "A good decision today keeps the hackers away!"
Internet flyer that says "Always keep your software and devices up to date"
Internet flyer that says "Cybersecurity is an organizational problem, not an IT issue!"
Internet flyer that says "Enable multi factor authentication"
Internet flyer that says "Good cyber decisions can help avoid cyber attacks and information exposure"
Internet flyer that says "Governance sets the stage for a successful cybersecurity program"
Internet flyer that says "Information Security and Fraud Risk Assessments are vital to identify potential threats of external and internal criminal activity"
Internet flyer that says "Recognize and report phishing"
Internet flyer that says "Securing our organization requires everyone to be a team player"
Internet flyer that says "Trust but verify! Taking a few extra minutes to verify an email, phone call or link can save you from a lifetime of identity and monetary problems"
Internet flyer that says "Use strong passwords"
Previous arrow
Next arrow

Learn how Stetson Cybergroup can help keep your company safe

Let us help
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept
Cookies