Audit, Compliance & Consulting
Today's information systems go beyond just enabling business; they form the critical backbone of almost all business processes. That means that unmitigated cyber security risks can have devastating effects. Having the right controls can reduce risk, but how do you know you're doing the right things? How do you know your controls are effective? Let SynerComm's team of AssureIT consultants assess, validate and align your security program to meet business objectives.
Information assurance is the practice of managing risks pertaining to data and data processing environments. Effectively managing risk requires a deep understanding of the weaknesses that leave assets vulnerable and the controls that protect them. SynerComm's AssureIT consulting engagements provide the essential vulnerability details, gap analysis and mitigation solutions to reduce risk and strengthen information assurance programs.
Our Clients Often Ask
- Do we have the right controls in place?
- Do our controls provide the protection we expect?
- How mature is our security program?
- How do we compare to our industry peers?
Audit & Assessment Offerings
Each AssureIT consulting engagement is customized to meet the specific needs of our clients. For small to mid-sized companies, this can include broad, high-level reviews of your entire security program. For mid to large-sized companies, this includes:
Common Audit Areas
- Security Program Maturity Assessment
- IT Risk Assessment
- Administrative – Policies & Standards
- Network – LAN, WAN, Wireless & Firewall
- Security Infrastructure & Controls
- Active Directory
- Password Security & Management
- OS Standard Builds – Windows, UNIX/Linux, etc.
- Physical Security
- Detection & Monitoring
- Access Control
- Incident Response Preparedness
- Malware & Ransomware Preparedness
- Logging & Alerting
- Business Impact Analysis
- Vulnerability & Patch Management
- Disaster Recovery & Business Continuity
- Data Backup
- Change Management / Detection
- Vendor Management
- Software Development Lifecycle
Regulatory & Compliance
- FFIEC – IT Audit, Vulnerability Assessment & Penetration Testing
- Cybersecurity Assessment Tool (CAT)
- IT Risk Assessment
- HIPAA / HITECH
- NIST Gap Analysis
- Payment Card Industry (PCI)
- QSA Report on Compliance
- Gap Analysis
- Self-Assessment Questionnaire
- National Institute of Standards and Technology (NIST)
- Center for Internet Security (CIS)
- ISO 27000 Series
Risk Assessment Framework
Information security is not a project; rather, it is a continual process. As vulnerabilities and best practices change, so too must your information security. This approach is better known as an Information Security Lifecycle.