Risk advisory services help businesses and organizations understand the risks they face and how to mitigate them. Our Risk Advisory Consultants will help your organization improve internal controls and efficiency by offering best practices related to governance, risk, and compliance.
Our Risk Advisory Services include:
SANS TOP 20 Critical Security Controls
CIS Critical Security Controls are a recommended set of actions for cyber defense which provide specific and actionable ways to stop today's most pervasive and dangerous attacks. A principal benefit of the Controls is they prioritize and focus a smaller number of actions with high pay-off results. The Controls are effective because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a broad community of government and industry practitioners. They were created by the people who know how attacks work—NSA Red and Blue teams, the US Department of Energy nuclear energy labs, law enforcement organizations, and some of the nation's top forensics and incident response organizations—to answer the question, "What do we need to do to stop known attacks?"
CIS Critical Security Controls are an effective guide to creating a cohesive security program if you do not have one in place.
CyberSecurity Framework CSFv1
The Framework uses business drivers to guide cybersecurity activities and treats cybersecurity as part of an organization's risk management processes. Many organizations are adopting this framework to help manage their cybersecurity risks. According to the 2019 SANS OT/ICS Cybersecurity Survey, the NIST CSF is the number one framework in use today.
HIPAA IT Security
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information which is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Read more about our full HIPAA compliance services.
ISO/IEC 27001
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
NIST SP 800-53
NIST SP 800-53 Revision 4, Recommended Security Controls for Federal Information Systems and Organizations, defines the security controls and the associated assessment procedures used to verify that those controls are in place.
COBIT® 2019
A right-sized governance solution, tailor-fit for your enterprise. COBIT® 2019 is the most recent evolution of ISACA's globally recognized and utilized COBIT framework. Effective governance over information and technology is critical to business success, and this new release further cements COBIT's continuing role as an important driver of innovation and business transformation.
SOC 2 Type II
SOC 2 is an auditing procedure that verifies your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimum requirement when considering a business-to-business provider. SOC+ can combine SOC 2 requirements with all of the requirement models listed above in one comprehensive audit that you can provide to your business relationships or potential prospects.
If your business could benefit from a risk assessment, please contact a Risk Advisory Consultant today at 715-955-4931.