Information assets are a key business resource that fuels growth and provides competitive advantage. Today’s business executives need an accurate and objective view of their organization’s ability to protect information assets from theft, compromise and destruction.
Over the past few years, many companies have seen a dramatic change in the cyber-risk landscape. The change is driven by a rise in the importance of digital assets, growing sophistication of cyber-attacks, and the extension of the corporate network to include the networks of customers, suppliers, and others.
Cyber-criminals often seek to extort money, create business interruption, steal personally identifiable information (PII) or protected health information (PHI), and gain access to intellectual property, such as business plans, trading algorithms, product designs, and source code.
At Baker Tilly, we draw from a deep understanding of your industry and extensive experience working with organizations like yours to build a unique cybersecurity risk profile. We then work with your team to gain a complete picture of your business risks, cybersecurity control environment, and applicable regulatory requirements (e.g., Health Insurance Portability and Accountability Act – HIPAA, Federal Information Security Management Act – FISMA). We provide practical and actionable guidance to strengthen your cybersecurity policies, processes, and technology by utilizing leading cybersecurity frameworks (e.g., NIST, HITRUST, ISO 27000/27001).
Our services include:
- Cybersecurity risk assessment
- Cybersecurity/Privacy compliance readiness (PCI DSS, HIPAA, NIST, FERPA, GLBA, Privacy Shield)
- Cybersecurity policy & program development
- Cybersecurity architecture & implementation
- Breach response preparedness & planning
- HITRUST assessment
- Network vulnerability assessment/penetration testing
- Social engineering/phishing
- IT project risk review
- IT risk & effectiveness assessment
- Business continuity planning & management
- Disaster recovery
- Programs addressing:
  - Model Audit Rule
  - PCI DSS
  - ISO 27001
IT Process Assurance
- Outsourced IT audit
- Co-sourced IT audit
- IT Sarbanes-Oxley (SOX) readiness & testing
- Service Organization Control (SOC) reporting
  - SOC 1
  - SOC 2
  - SOC 2 + HITRUST
- Cybersecurity attestation readiness