
Standards and Regulations Expertise

Gramm Leach Bliley Act (GLBA) and Federal Financial Institutions Examination Council (FFIEC)

  • FFIEC IT Examination Handbook InfoBase

  • FFIEC Cybersecurity Assessment Tool (CAT)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

  • NIST SP 800-66 Resource Guide for Implementing the HIPAA Security Rule

  • NIST HIPAA Security Rule Toolkit (SRT)

Payment Card Industry Data Security Standard (PCI DSS)

  • Self-Assessment Questionnaire (SAQ) A through D

  • Approach Tool

  • Gap Analyses

National Institute of Standards and Technology (NIST)

  • NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations

  • NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

  • NIST Cybersecurity Framework (CSF)

American Institute of Certified Public Accountants (AICPA)

  • System and Organization Controls (SOC)

    • SOC 2 Type 1 and Type 2

    • SOC 3

  • Trust Services Criteria (TSC)

    • Security

    • Availability

    • Processing Integrity

    • Confidentiality

    • Privacy

Service Expertise

Security Assessment Conduction and Review

You may be compliant, but are you secure? We take a technical deep dive on your IT infrastructure, assessing availability, confidentiality, and integrity of systems and information.

Compliance Audits Conduction and Review

Are you compliant? From 12 CFR Parts 30, 208, 364, 748, 1016, etc. (i.e., the GLBA safeguards and privacy rules) to 45 CFR Part 164 (i.e., the HIPAA Security and Privacy Rules) to PCI DSS Version 3.2 to SOC 2 Type 1 and Type 2, our audits can be tailored to fit your needs - an engagement can address one, or all, of the above regulations and standards.

Vulnerability Assessments and Penetration Testing Conduction and Review


  • We use Nessus, "The Most Widely Deployed Vulnerability Scanner in the World."

  • We conduct both external and internal assessments, and all of our assessments evaluate PCI DSS V3.2 compliance.

  • Penetration testing techniques include, but are not limited to, social engineering (spear phishing), password cracking, traffic sniffing, SQL injection, and cross-site scripting.

Virtual Information Security Officer (vISO) and Virtual Chief Information Officer (vCIO) Consulting Services

  • Governance, management, design, implementation, and operations, along with the related auditing and assessing. We've been doing it for 30+ years!

  • Board and Executive Governance

  • Executive and Middle Management

  • Technical Operations

...and more!

  • IT Infrastructure, Network and Cloud, Design and Assessing

  • Risk Assessment Development and Assessing

  • Business Continuity, Disaster Recovery, and Incident Response Plan Development and Assessing

  • Policy Development and Assessing

  • Security Awareness Program Development and Training

Let's Get in Touch!

Thank you! We look forward to working with you.

(616) 558 3917

info@damianwaltersassociates.com


2022 Coronado Drive SE

East Grand Rapids, MI 49506

*Your information is private. We will NEVER share your information with anyone or sell it.
