Focus on what counts

IT Risk, Cybersecurity & Privacy Services

Focused on Protecting Your Data and Your Business

Cyber-risks and data loss should be top of mind for all business leaders today. With the rise in cloud computing and mobile technologies, keeping your information secure has become an increasingly difficult feat. While information technology drives your success, it also creates new vulnerabilities.


How Citrin Cooperman Can Help

Monitoring potential IT vulnerabilities has become one of the most critical responsibilities. Protecting our clients’ data and business requires the right strategies combined with the best tools and the most knowledgeable experts. We guide our clients through identification and assessment of the risks their organizations face, in addition to providing advice on finding the right solutions to maximize their performance and security in a technologically-advanced world.

Our Related Services


SCORE Report™ – Understand your exposure to a cyber-attack before it happens with our Security, Compliance, and Operations Risk Evaluation (SCORE) Report. This high-level risk assessment evaluates several key areas of your company’s technology and compliance environment, including IT operations, physical and logical security, mobile devices recovery, network security, online security, data privacy and security compliance, and system and hardware controls. Know where your most significant risks exist, so you can create and implement solutions to protect your company and your data.

CYBERSECURE - If your organization does not have the resources and expertise in-house to avoid or quickly respond to a cyber-incident, you can rest assured with CYBERSECURE, your cybersecurity resource and breach recovery solution.

Spear Phishing Susceptibility Assessment – With spear phishing attacks causing more than 90% of data breaches today, it’s critical to gauge your employees’ ability to identify a cyber-threat. With targeted simulated spear phishing attacks across several communications channels and varying attack methods, let us help you pinpoint where your employee vulnerability lies.

Cybersecurity Awareness Training – Turn your employees into human firewalls with customized cyber-awareness trainings to educate and change employees’ behavior to help minimize your exposure to a cyber-attack.

Vulnerability Management Services:

  • Vulnerability Assessment – Achieve a high level of defensive security with our vulnerability assessment, performed by our Ethical Hacker, designed to scan and uncover your known physical and IT system vulnerabilities. Deliverables include a list of vulnerabilities ranked in order of risk level with recommendations to remediate the weaknesses discovered.
  • Penetration Testing - Understand the impact of a breach on your company and expose critical issues to determine if your most valuable assets and networks are susceptible to an attack. By using real-time attacks and simulations, we will uncover the vulnerabilities that exist within your organization, at all levels, that could compromise your data, systems, networks, and environment.


Incident Rapid Response - Whether your incident is caused by a hacker or accidentally by an employee, our rapid response team will assist you in responding to the attack, preventing it from inflicting additional damage, and determining what was compromised, with the goal of restoring your IT environment to full capacity with minimal disruption.

  • Detection, Forensics and Analysis - Assist with guiding internal personnel through the process of gathering relevant information to identify attack methods and determine whether an incident has occurred. Direction will be provided to identify the data impacted and size of the incident. Incident documentation will be created to establish a timeline of events for lessons learned or legal proceedings if pursued.
  • Containment, Eradication and Recovery - Provide to ensure any active compromise is contained. We work with system administrators and management to develop a plan for eradication and recovery. The plan will take into consideration data preservation (in anticipation of litigation) as well as functional impact, information impact, and recoverability.
  • Post Incident Activity - Provide guidance regarding documentation and evidence preservation. Direction can also be provided regarding breach notification if necessary in compliance with legal and regulatory demands.


PCI - If you are a merchant that processes credit card payments, we can help guide you towards meeting the strict requirements of the Payment Card Industry Data Security Standards (PCI DSS). Whether you need an assessment of your compliance efforts, assistance with remediating any gaps, or a Qualified Security Assessor (QSA) to provide you with a sustainment program to stay compliant, our team of certified experts is ready to help you. Our services include:

  • PCI DSS gap assessments
  • PCI DSS compliance assessments
  • Remediation and project management
  • Penetration and vulnerability assessments
  • Sustainment and reporting

HIPAA/HITECH - If you maintain protected health information (PHI) for your customers, you are required to meet the imposing obligations of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Our experts have decades of experience helping businesses meet HIPAA’s administrative, physical, and technical safety standards in order to properly protect electronic, verbal, and written protected health information. Our services include:

  • HIPAA gap assessments
  • HIPAA compliance assessments
  • HIPAA risk assessments
  • Remediation and project management

SSAE 18 (SOC 1, 2, 3 and SOC for Cybersecurity) - SOC 1 reports provide assurance on the design and operating effectiveness of certain defined constraints relevant to user entities’ internal controls over financial reporting. SOC 2 and 3 reports evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, or privacy. SOC for Cybersecurity reports on an organization’s enterprise-wide cybersecurity risk management program.

Additional Compliance and Cybersecurity Services:

  • Virtual CISO
  • CUI
  • GDPR
  • State Security and Privacy Standards
  • Application mapping
  • Privacy compliance consulting
  • GLBA compliance assessments
  • Information and cybersecurity policy and procedure design
  • Business continuity and disaster recovery planning