
IT Risk/Cyber Security Assessments

AAFCPAs’ IT/Cyber Security Assessments help identify risks from the use of technology that could potentially cause information loss or financial or reputational harm to an organization.

AAFCPAs’ Information Technology (IT)/Cyber Security Assessments help identify risks from the use of technology that could potentially cause information loss and/or financial and reputational harm to your organization. Our assessments follow industry best practices. In addition, we help determine if planned technology acquisitions comply with federal and state laws and company policies for protecting critical data before they are implemented. The detailed findings, associated risks, and recommendations that are documented in our assessments help you reduce the overall exposure of your organization to technology security risks.

AAFCPAs’ Ethical Hacker shares strategies that bad actors use to gain access to sensitive information

AAFCPAs’ tailored IT/Cyber Security Assessments evaluate the following:

Vulnerability/Penetration

  • External vulnerability
  • Internal vulnerability
  • Web application scan
  • Wireless penetration
  • Physical security assessment

Phishing

  • Simulated phishing campaigns using social engineering
  • Security awareness training

Configurations Assessment

  • Firewall configuration
  • Mobile Device Management
  • Wireless configuration
  • Endpoint protection configuration
  • Office 365 configuration

Infrastructure Operations

  • Remote access (policy, process, and configuration)
  • Network topology security and enhancements
  • Disaster recovery (backup and recovery strategy)
  • Business Continuity Plan (BCP) development
  • Cybersecurity Insurance Policy assessment
  • Risk management and assessment
  • IT policy development
  • IT department staff appraisal
  • Fractional CIO / CISO (staff augmentation)
  • Data Governance

Regulatory Compliance

  • Third party SOC report assessment and summary
  • HIPAA Top 10
  • HIPAA Security Risk Assessment (SRA)
  • HIPAA Compliance Audit Program Assessment
  • NIST 800-53 / CSF
  • ISO 27000
  • HITRUST CSF
  • Critical / Key Vendor Assessment (Security Scorecard)

IT General Controls (“ITGCs”)

  • Access to Programs and Data
  • Program Changes
  • Program Development
  • Computer Operations
  • Network Security

Every organization is unique and so is the technology environment developed to serve its needs. AAFCPAs tailors our IT/Cyber Security Assessments to address the unique needs of your organization. We start by gaining an understanding of your technology environment in order to identify areas which may present risks. Our process is highly collaborative and engaging, and we ensure ongoing communication and feedback throughout the engagement. The results are packaged in a report that provides clear, concise findings and recommendations that can be used as a roadmap for mitigating risks.

Why AAFCPAs Business Process & IT Consulting?

We bring our clients’ Finance and IT functions together. We understand both very well. AAFCPAs’ Business Performance, Internal Controls and IT Consulting practice includes corporate managers and technologists with a pragmatic understanding of business, making us uniquely qualified to advise clients on making sound business decisions regarding business processes, IT systems, and performance controls. We have a team of dedicated professionals with extensive experience in the technology field, including Senior Security Specialists and White Hat Ethical Hackers. Our team members have a deep understanding of information technology operations, information security, and internal controls from a design, implementation and testing perspective.

Our exceptional value comes from delivering proven solutions with that ideal combination of expertise, service, and price.