Comprehensive Testing, Tailored Solutions
Our IT Risk Advisory Services include:
- Outsourced or Co-sourced internal IT Audit
- IT Governance Development and Business Strategic Alignment
- IT Risk Management Design and Implementations
- Disaster Recovery and Business Continuity Plan Development and Reviews
- Incident Response Plan Development and Reviews
- Forensic Data Acquisition and Analysis:
  - Server/PC/Laptop/Cloud/Mobile Devices
- E-Discovery Assistance
- Cyber Security Vulnerability Assessments:
  - Enhancement and recommendation reports
- Policy and Procedure Development:
  - Includes all HIPAA and PCI policy requirements
- FERPA and GLBA Compliance and Reviews
- Cyber Security Risk Assessments:
  - Incorporates results from the vulnerability assessment into a National Institute of Standards and Technology-derived IT risk assessment framework.
  - Provides a holistic view of IT governance and risk management procedures to qualitatively demonstrate to senior management and board members areas for improvement and areas that are effectively managed and controlled.
- Privacy Assessments:
  - HIPAA Compliance Reviews and Meaningful Use Risk Assessments (HIPAA Privacy, Security and Breach Notification Rules)
- PCI-DSS Self-Assessment Questionnaire Gap Analysis and Scope Reduction Assessments
- SEC OCIE Cyber Security Readiness Assessments
- Social Engineering Campaigns:
  - Phishing emails and phone calls
- Network and Web Application Penetration Testing
- Web Application Code Review
- General Source code review:
  - Java, .NET, PHP, Python, C, C++, Objective-C
- Malware Analysis
- Security Awareness Training
- Sarbanes Oxley IT Controls Audit Matrix Establishment, Review and Testing
- Agreed Upon Procedures
- Service Organization Control Reports:
  - SOC 1, SOC 2 and SOC 3 reports
- Best Practices Consulting
Why do you need us?
Customized Cybersecurity Risk
The speed with which cyber security risks evolve is as staggering as the magnitude of the liability associated with an attack. From simple phishing scams to complex data security breaches, losses of confidential, proprietary and customer information, as well as of public trust and corporate image, can be devastating. The days when companies felt safe with passwords and firewalls alone are long gone. Today, thorough protection demands a holistic, comprehensive, integrated control system for managing risk.
To protect against these threats, PKF member firms implement practical risk assessment frameworks that include continuous monitoring and real-time assessments. The specialists in our member firms tailor solutions to protect application information and network security, prepare for disaster recovery and business continuity, and deliver end-user education.
A Sophisticated, Systematic Approach
Highly qualified and deeply knowledgeable, our cybersecurity professionals serve as trusted advisors, providing clients with expert support in protecting networks, computers, programs and data from attack, damage or unauthorised access.
Results are presented in a formal report, with recommendations for strengthening IT organisational policies, operational standards and procedures. Reports provide the start, but the real value lies in ensuring that senior leadership teams understand the implications of the findings. Remediation is often not cost-prohibitive: cost-effective solutions are identified and can be easily implemented. Member firm specialists are trained to develop practical solutions that leverage existing resources (i.e., people, processes and/or technologies) to remediate any deficiencies identified. At the same time, when more problematic risk scenarios are identified, we’ll recommend tailored solutions to protect multi-layered systems and those with large amounts of confidential, financial, health and other personal data.