Focus on what counts


Focused on Protecting Your Data and Your Business

From questions about IT security in a mobile world, to meeting the attestation standards of SSAE 16, to finding the right talent, today’s new interconnectivity means that problems and solutions are often part of the same fabric. Information technology drives your success, even as it creates new vulnerabilities. We provide the guidance and strategies to help you create and maintain a secure cyber environment.

How Citrin Cooperman Can Help

Monitoring potential IT vulnerabilities has become one of the most critical responsibilities. Protecting our clients’ data and business requires the right strategies combined with the best tools and the most knowledgeable experts. We guide our clients through identification and assessment of the risks their organizations face, in addition to providing advice on finding the right solutions to maximize their performance and security in a technologically-advanced world.

OurRelated Services

IT risk assessments - (e.g. SCORE ReportTM) - Security, Compliance, and Operations Risk Evaluation (SCORE) Report.  This report involves a high level risk evaluation of several key areas of the Company’s IT environment, including IT operations, physical and logical security, mobile devices recovery, network security, online security, data privacy and security compliance, and system and hardware controls.

SSAE 16 (SOC 1, 2 and 3) - Provide SOC 1, 2 or 3 reports. SOC 1 reports provide assurance on the design and operating effectiveness of certain defined constraints relevant to user entities’ internal controls over financial reporting. SOC 2 and 3 reports evaluate an organization’s information systems relevant to security, availability, processing, integrity, confidentiality, or privacy.

Data mapping - Identifying, locating, and tracking sensitive data is a critical step in achieving a high standard of security. Sensitive data can be found in multiple sources such as servers, individual laptop and desktop computers, HR departments, and more. Data mapping allows our IT security professionals to assist management in identifying what critical data and information exists in the company and where it resides, to aid them in implementing plans targeted at safeguarding the sensitive information that companies have a responsibility to secure.

PCI - PCI DSS - Compliance and readiness offers valuable services to help merchants who process credit card payments meet the applicable Payment Card Industry Data Security Standard (PCI DSS) requirements:

  • PCI DSS gap assessments
  • PCI DSS compliance assessments
  • Remediation and project management
  • Penetration and vulnerability assessments
  • Sustainment and reporting

HIPAA - HIPAA compliance and readiness compliance with HIPAA and HITECH Omnibus rules involves meeting 22 separate standards for administrative, physical, and technical safety of electronic, verbal, and written protected health information (PHI). Patient protection law compliance is required not only by the medical provider, but also their associates. Failure to comply can result in fines of up to $1.5 million per provision per year. Our services include:

  • HIPAA gap assessments
  • HIPAA compliance assessments
  • HIPAA risk assessments
  • Remediation and project management

Vulnerability testing - Provide an assessment to assemble a prioritized list of physical and logical technology vulnerabilities for businesses that want confirmation they have achieved a high level of security. The deliverable for the assessment is a list of discovered vulnerabilities ranked in order of risk level, along with recommendations on how to remediate the weaknesses.

Incident simulation

Incident/Breach response:

  • Detection and analysis - Assist with guiding internal personnel through the process of gathering relevant information to identify attack vectors and determining whether or not an incident has occurred. Direction will be provided to identify the data impacted and size of the incident. Incident documentation will be created to establish a timeline of events for lessons learned or legal proceedings if pursued.

  • Containment, eradication, and recovery - Provide to ensure any active compromise is contained. We work with system administrators and management to develop a plan for eradication and recovery. Plan will take into consideration data preservation (in anticipation of litigation) as well as functional impact, information impact, and recoverability.

  • Post incident activity - Provide guidance regarding documentation and evidence preservation. Direction can also be provided regarding breach notification if necessary in compliance with legal and regulatory demands.  

CUI services:

  • Consulting
  • Assessment
  • Remediation

Industry standards assessments - Based on one or more industry standards (e.g. COBIT, ISO 27001, NIST 800-53), analyze the environment for established security controls as compared to the standards and where deficiencies are noted, provide specific gap remediation recommendations.

Social engineering and phishing assessments - Assess personnel susceptibility to targeted attacks across different communications channels and varying attack vectors.

Best practices assessment - Examine and evaluate installed technology, infrastructure, communications, environment, security, data protection, user policies and business continuity plans to identify areas of operational risk and vulnerability

IT forensics

Policy and procedure design