In the changing world of information risk management, protection of information assets can no longer be ignored. An increasing number of threats from internal and external sources, combined with the penalties that occur when data is compromised, create a risk environment that must be acknowledged, analyzed and managed.
In addition, government regulations now require some organizations to find another professional firm to provide services that were once performed by their current financial auditors. We assist organizations of all sizes, using the latest in assessment methodologies and technology-based tools, to efficiently identify and manage risk in your IT environment.
IT Security Services
Using the following services, we identify and assess real and/or potential security control risks and weaknesses facing your organization:
- Security controls assessments for Enterprise Resource Planning applications.
- Customized corporate security policies, standards and procedures.
- Entity-wide security program development, design and implementation.
- Threat-based assessments of Internet connectivity and vulnerability.
- Wireless network integrity reviews.
- Administrative reviews, including event configuration and IP filtering rules.
- Incident response practices.
- Security planning and design services focusing on the effectiveness of your security infrastructure and systems.
- Guidance and direction for information security programs and processes.
SAS No. 70 Attestation Services
If other organizations use your company's services to accomplish tasks that affect their financial statements, the controls at your company may be considered part of the information systems of those organizations. In those circumstances, we can perform an independent study and evaluation of controls, in accordance with Statement on Auditing Standards No. 70, to provide a valuable benefit to your company, the third party organizations and their independent auditors.
Payment Card Industry (PCI) Compliance Services
We can perform assessments, perimeter scans and penetration testing to assure that cardholder data is safe and secure, and that you are in compliance with PCI Data Security Standards.
Business Continuity/Disaster Recovery Plans
We document procedures and evaluate the adequacy of tests, off-site storage of backup data, software frequency and storage locations.
Data Analysis and Forensic Services
Data that was once considered unrecoverable, or that exists in large volumes and different formats, can be recovered and managed using many specialized analysis tools and methodologies. We can perform customized data recovery and analysis in support of current investigations and pending litigation.
Incident Response and Investigations
At your direction, we can conduct investigations of incidents, anomalies and suspicious activities in your IT systems. Technical evaluations of specific information systems resources are used to locate and document evidence of a crime, or unauthorized or suspicious activity.