Critical Infrastructure Protection
Cybersecurity + Compliance + Managed Services
Risks associated with cyber systems containing or controlling Critical Infrastructure, PII and ePHI are growing as regulations mount, hacking tactics evolve, and bad press meets social media. The Federal Government and the public demand protection of this information and these assets, and the regulations can carry civil, operational and financial penalties. Companies are also becoming keenly aware that compliance alone does not provide cybersecurity.
Many organizations are working to develop and support compliance cultures. To accomplish this, sustainable programs must be manageable, scalable, and transparent, with compliance tasks embedded in operational tasks. In return, leadership must be provided with timely and accurate information with which to make decisions; internal audit programs must measure, monitor and report the operational effectiveness of key controls.
Our team members have served in operational, management, and auditor roles and have deep experience in regulatory compliance and affairs, internal compliance program development, cybersecurity, and training development and delivery.
How We Help Clients
Audit Preparation
Gap analysis and recommendations
Compliance package creation and review (e.g., RSAWs, narratives, cross references, etc.)
Mock audits
SME/witness training and coaching
Mitigation Activities
Root cause analysis and corrective action generation
Organizational change management
Process design for key IT functions including user, asset, patch and change management
Process design for GRC tool to measure, manage and report internal control effectiveness