Areas of Concentration
Security Maturity Review
If you have already adopted a security framework, your business will have a good baseline. Our cybersecurity maturity assessment will validate the work the team has done to create the cyber strategy and program in accordance with the selected framework.
Security Framework Review
The selection and adoption of an industry standard framework can be tough without wise counsel. Fortunately, we support and recommend the three most widely used security frameworks: NIST CSF, NIST 800-53 and Center for Internet Security (CIS). Each has definite use cases that we can help you figure out.
SOC Preparation Review
The American Institute of CPAs (AICPA) is the world’s oldest and largest member association, representing audit and accounting professionals since 1887. AICPA maintains oversight for Statements on Standards for Attestation Engagements (SSAE), with version 18 being the latest revision (SSAE-18). Three Service Organization Control (SOC) reports were created by the AICPA with designations of SOC 1, SOC 2 and SOC 3. If you provide services online, your clients will inquire about your participation in the program.
Your company’s and clients’ personally identifiable information (PII) is extremely important. Policy writing for risk reduction, data security or compliance is paramount and serves as the foundation for these programs. Policies or procedural documents should be well-written, easy to understand and free of grammatical errors.
At some point it might be necessary for you to obtain or comply with governance requirements. The most common ones we see are the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS). HIPAA protects patient health information (PHI) and PCI-DSS protects credit card data; either can be difficult to incorporate into your cybersecurity strategy.