How can we help you?
Our teams possess strong foundations in all aspects of information technology and cybersecurity – several are designated “ethical hackers.” They stay abreast of existing and potential threats and serve as a single point of contact for all interactions, providing you with heightened service and cost efficiencies.
Our IT Risk Advisory Services include:
- Outsourced or Co-sourced internal IT Audit
- IT Governance Development and Business Strategic Alignment
- IT Risk Management Design and Implementations
- Disaster Recovery and Business Continuity Plan Development and Reviews
- Incident Response Plan Development and Reviews
- Forensic Data Acquisition and Analysis:
- Server/PC/Laptop/Cloud/Mobile Devices
- E-Discovery Assistance
- Cyber Security Vulnerability Assessments:
- Enhancement and recommendation reports
- Policy and Procedure Development:
- Includes all HIPAA and PCI policy requirements
- FERPA and GLBA Compliance and Reviews
- Cyber Security Risk Assessments:
- Incorporates results from vulnerability assessment into a National Institute for Standards and Technology-derived IT risk assessment framework.
- Provides a holistic view of IT governance and risk management procedures to qualitatively demonstrate to senior management and board members areas for improvement and areas that are effectively managed and controlled
- Privacy Assessments:
- HIPAA Compliance Reviews and Meaningful Use Risk Assessments (HIPAA Privacy, Security and Breach Notification Rules)
- PCI-DSS Self-Assessment Questionnaire Gap Analysis and Scope Reduction Assessments
- SEC OCIE Cyber Security Readiness Assessments
- Social Engineering Campaigns:
- Phishing emails and phone calls
- Network and Web Application Penetration Testing
- Web Application Code Review
- General Source code review:
- Java, .NET, PHP, Python, C, C++, Objective-C
- Malware Analysis
- Security Awareness Training
- Sarbanes Oxley IT Controls Audit Matrix Establishment, Review and Testing
- Agreed Upon Procedures
- Service Organization Control Reports:
- SOC 1, SOC 2 and SOC 3 reports
- Best Practices Consulting
Customized Cybersecurity Risk
The speed with which cyber security risks evolve is as staggering as the magnitude of the liability associated with an attack. From simple phishing scams to complex data security breaches, losses can be devastating in confidential, proprietary and customer information as well as in public trust and corporate image. The days when companies felt safe with passwords and firewalls alone are long gone. Today, thorough protection demands a holistic, comprehensive, integrated control system for managing risk.
To protect against these threats, PKF member firms implement practical risk assessment frameworks that include continuous monitoring and real-time assessments. The specialists in our member firms tailor solutions to protect application information and network security, prepare for disaster recovery and business continuity, and deliver end-user education.
A Sophisticated, Systematic Approach
Highly qualified and deeply knowledgeable, our cybersecurity professionals serve as trusted advisors, providing clients with expert support protecting networks, computers, programs and data from attack, damage or unauthorised access.
Results are presented with recommendations for strengthening IT organisational policies, operational standards and procedures in a formal report. Reports provide the start, but the real value is ensuring senior leadership teams understand the implications of the findings. Remediation is often not cost prohibitive; cost-effective solutions are identified and can be easily implemented. Member firm specialists are trained to develop practical solutions that leverage existing resources (i.e., people, processes and/or technologies) to remediate any deficiencies identified. At the same time, when more problematic risk scenarios are identified, we’ll recommend tailored solutions to protect multi-layered systems and those with large amounts of confidential, financial, health and other personal data.
Is your organisation safe?
- Do you have an IT governance program?
- Is your governance program up-to-date and supportive of your business objectives?
- Are you in compliance with federal and state security and privacy laws?
- Which staff might fall prey to phishing?
- Have you tested your network’s internal and external vulnerabilities?
- Are your remote and wireless networks fully secured?
- Do you apply encryption to sensitive information assets?
- Are physical servers and equipment protected from sabotage?
- Can your system withstand an attack by a malicious hacker or trusted insider?
- Do all employee passwords meet industry and firm standards?
- Will your back-up system protect your data in a disaster?
- Have you done all you can to ensure that your cyber insurance policy will cover financial loss?
- Do you have the ability to detect a data breach?
- Are your systems patched and anti-virus comprehensively installed, up-to-date and monitored?