Standards and Regulations Expertise

Gramm-Leach-Bliley Act (GLBA) and Federal Financial Institutions Examination Council (FFIEC)
- FFIEC IT Examination Handbook InfoBase
- FFIEC Cybersecurity Assessment Tool (CAT)

Payment Card Industry Data Security Standard (PCI DSS)
- Self-Assessment Questionnaire (SAQ) A through D
- Approach Tool
- Gap Analyses

National Institute of Standards and Technology (NIST)
- NIST 800-53, Security and Privacy Controls for Information Systems and Organizations
- NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- NIST Cybersecurity Framework (CSF)

American Institute of Certified Public Accountants (AICPA) System and Organization Controls
- System and Organization Controls (SOC)
- SOC 2 Type 1 and Type 2
- SOC 3
- Trust Services Criteria (TSP)
  - Security
  - Availability
  - Processing Integrity
  - Confidentiality
  - Privacy
Service Expertise

Security Assessment Conduction and Review
You may be compliant, but are you secure? We take a technical deep dive into your IT infrastructure, assessing the availability, confidentiality, and integrity of your systems and information.

Compliance Audits Conduction and Review
Are you compliant? From CFR Title 12 Parts 30, 208, 364, 748, 1016, etc. (i.e., GLBA) to CFR Title 45 Part 164 (i.e., HIPAA) to PCI DSS Version 3.2 to SOC 2 Type 1 and 2, our audits can be tailored to fit your needs: engagements can address one, or all, of the above regulations and standards.
Vulnerability Assessments and Penetration Testing Conduction and Review
- We use Nessus, "The Most Widely Deployed Vulnerability Scanner in the World."
- We conduct both external and internal assessments, and all of our assessments evaluate PCI DSS v3.2 compliance.
- Penetration testing techniques include, but are not limited to, social engineering (spear phishing), password cracking, traffic sniffing, SQL injection, and cross-site scripting.
Virtual Information Security Officer (vISO) and Virtual Chief Information Officer (vCIO) Consulting Services
Governance, management, design, implementation, and operations, along with related auditing and assessing. We've been doing it for 30+ years!
- Board and Executive Governance
- Executive and Middle Management
- Technical Operations
...and more!
- IT Infrastructure, Network, and Cloud Design and Assessing
- Risk Assessment Development and Assessing
- Business Continuity, Disaster Recovery, and Incident Response Plan Development and Assessing
- Policy Development and Assessing
- Security Awareness Program Development and Training

Let's Get in Touch!
*Your information is private; we will NEVER share or sell your information to anyone.