From questions about IT security in a mobile world, to meeting the attestation standards of SSAE 16, to finding the right talent, today’s new interconnectivity means that problems and solutions are often part of the same fabric. Information technology drives your success, even as it creates new vulnerabilities. We provide the guidance and strategies to help you create and maintain a secure cyber environment.
Monitoring potential IT vulnerabilities has become one of the most critical responsibilities. Protecting our clients’ data and business requires the right strategies combined with the best tools and the most knowledgeable experts. We guide our clients through identification and assessment of the risks their organizations face, in addition to providing advice on finding the right solutions to maximize their performance and security in a technologically-advanced world.
IT risk assessments - (e.g. SCORE ReportTM) - Security, Compliance, and Operations Risk Evaluation (SCORE) Report. This report involves a high level risk evaluation of several key areas of the Company’s IT environment, including IT operations, physical and logical security, mobile devices recovery, network security, online security, data privacy and security compliance, and system and hardware controls.
SSAE 16 (SOC 1, 2 and 3) - Provide SOC 1, 2 or 3 reports. SOC 1 reports provide assurance on the design and operating effectiveness of certain defined constraints relevant to user entities’ internal controls over financial reporting. SOC 2 and 3 reports evaluate an organization’s information systems relevant to security, availability, processing, integrity, confidentiality, or privacy.
Data mapping - Identifying, locating, and tracking sensitive data is a critical step in achieving a high standard of security. Sensitive data can be found in multiple sources such as servers, individual laptop and desktop computers, HR departments, and more. Data mapping allows our IT security professionals to assist management in identifying what critical data and information exists in the company and where it resides, to aid them in implementing plans targeted at safeguarding the sensitive information that companies have a responsibility to secure.
PCI - PCI DSS - Compliance and readiness offers valuable services to help merchants who process credit card payments meet the applicable Payment Card Industry Data Security Standard (PCI DSS) requirements:
HIPAA - HIPAA compliance and readiness compliance with HIPAA and HITECH Omnibus rules involves meeting 22 separate standards for administrative, physical, and technical safety of electronic, verbal, and written protected health information (PHI). Patient protection law compliance is required not only by the medical provider, but also their associates. Failure to comply can result in fines of up to $1.5 million per provision per year. Our services include:
Vulnerability testing - Provide an assessment to assemble a prioritized list of physical and logical technology vulnerabilities for businesses that want confirmation they have achieved a high level of security. The deliverable for the assessment is a list of discovered vulnerabilities ranked in order of risk level, along with recommendations on how to remediate the weaknesses.
Industry standards assessments - Based on one or more industry standards (e.g. COBIT, ISO 27001, NIST 800-53), analyze the environment for established security controls as compared to the standards and where deficiencies are noted, provide specific gap remediation recommendations.
Social engineering and phishing assessments - Assess personnel susceptibility to targeted attacks across different communications channels and varying attack vectors.
Best practices assessment - Examine and evaluate installed technology, infrastructure, communications, environment, security, data protection, user policies and business continuity plans to identify areas of operational risk and vulnerability
Policy and procedure design