Information Security straight talk from our CIO, Chris Falk

The security landscape is unforgiving, complex, and ever-changing: ransomware, business email compromise, vulnerable applications, zero-day attacks, insider threats, and the list goes on. In these uncertain times, MPX clients have placed their trust in us to secure their protected information.

We built the MPX information security program on the NIST Cyber Security Framework and CIS Critical Controls. These standards provide an adaptive approach to implementing and maintaining information security.


The process starts with a comprehensive risk assessment: security, infrastructure, supply chain, environmental, pandemic, organizational, scalability, and more. After identifying risks and assessing their likelihood and impact, we mitigate them with controls.


The frameworks are a cornucopia of controls that adapt to any program maturity level. They focus on identifying assets, implementing preventative controls, and detecting security events. MPX applies policies and technical controls like asset discovery and inventory, access management, auditing and logging, vulnerability management, tabletop testing, security awareness training, and more. But controls are not enough; response to and recovery from incidents is the final piece of the puzzle.


When an incident occurs, rapid response and recovery are critical. Most security breaches go weeks, months, even years before discovery. MPX has robust and tested incident response and disaster recovery policies. If our team suspects an incident, we can rapidly assess impact, perform forensics, and restore and recover if needed.


What is trust without verification? MPX performs an annual SOC2 Type II audit and third-party penetration and application security testing. We have also engaged to complete a HITRUST i1 Validated Assessment in 2023.

We at MPX appreciate the trust you place in us, and we will continue to evolve our approach as the threat evolves.