The business environment is constantly changing and new threats emerge every day. Failure to identify, assess and mitigate IT risk sets the business up for serious security breaches and financial losses down the road.
Steven Douglas Associates IT Risk Management and Audit experts can work with you to develop a structured approach to assessing IT risk and managing compliance.
Our highly experienced team brings years of IT security knowledge, including developing security products and services, managing and implementing security programs, performing HIPAA, GLBA and SOX assessments, and conducting audits under SAS 70, SOX, and HIPAA. Other areas of expertise include vulnerability management, endpoint protection, PCI DSS, and BCP/DRP. Team members have also consulted for US Federal Government agencies such as the Department of Defense (DoD) and the Department of Homeland Security (DHS).
Our solutions framework includes:
- IDENTIFICATION – We establish the scope of the engagement (the organization, locations and stakeholders involved), identify the processes, applications, and projects to be assessed, and prepare a high-level project plan.
- ASSESSMENT – We assess your information security policies, processes, and technologies to identify weaknesses and categorize security risks. From this we produce a gap assessment with recommendations, review the remediation schedule with management, and report our findings in an executive summary.
- REMEDIATION – We develop a remediation plan, evaluate build-versus-buy options for each remediation item, and carry out process improvement and re-engineering, software selection, and personnel training.
SAMPLE ENGAGEMENTS
- Led risk assessments for a $6B regional bank covering various products under FFIEC guidance, together with GLBA assessments.
- Conducted a PCI readiness assessment for a cruise line and prepared the policies, procedures and PCI security standards needed to close the gaps identified.
- Directed a HIPAA risk assessment spanning more than 50 medical centers in the US. Developed a remediation plan and assisted in writing and implementing the resulting policies and procedures.
- Conducted an IT governance audit for a regional power distribution and delivery company to identify risks and financial savings, and developed a roadmap to mitigate the risks and realize the savings.
- Assisted a national mortgage company with a security assessment based on ISO 27002, GLBA and FDA/CFPB requirements, focused on PII. Developed policies, procedures and standards for the client to implement, moving it from a reactive posture to a proactive approach.