
Audits and Security Frameworks 

A cyber security audit is an important process for cybersecurity. The audit helps identify, analyze, and solve problems early to ensure your company's data is safe from cyber intruders.

Annual Audits

A cyber security annual audit is an important process to validate, maintain, and secure your policies. It is necessary for an organization to keep up with best practices in cyber security. With extensive experience in various types of audit, Goode Cyber Security can assist your organization in responding to and passing cyber security audits.

Goode Cyber Security Can Perform....

  • Annual SOC 2 Type 2 Audit, performed by an independent CPA firm

  • Annual SOC 2 Type 1 Audit, performed by an independent CPA firm

  • Annual HITRUST Level 1 Audit, performed by an independent CPA firm

  • Annual Internal Penetration Tests, performed by Rebyc Security (EC-Council, ISACA, ISC2, and GIAC certified)

  • Annual External Penetration Tests, performed by Rebyc Security (EC-Council, ISACA, ISC2, and GIAC certified)

  • PCI DSS

Additional Industry Security Assessments....

Over the years, Goode Cyber Security has successfully completed security assessments for financial institutions, health and medical organizations, the hospitality industry, and more. Below are examples of companies for which Goode Cyber Security has successfully performed security assessments.

  • Charles Schwab   

      - Completed Insider & Third-Party Technology Risk (ITPTR) Information Security Risk Assessment

  • Fidelity 

      - ESR Onsite Risk Assessment

        (Bi-yearly) 

  • T. Rowe Price   

      - Vendor Security Assessment

        (Every year) 

  • Comcast 

      - Third Party Security Assessment 

  • United Health Group (UHG)

      - EIS Vendor Information Security Risk Assessment with HITRUST controls.

  • Hospital Corporation of America

      - Security Risk Assessment 

  • Sodexo 

      - Third Party Security Assessment

  • FINRA 

      - Security Examination successfully completed

  • SPARK 

      - Data Security Industry Best Practices Standards


Cyber Security Framework

A security framework refers to voluntary guidance, based on existing standards, guidelines, and practices, for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications with both internal and external organizational stakeholders. (Source: nist.gov)


Goode Cyber Security can provide a detailed assessment of your organization's current operations and the frameworks you already have in place, and determine whether there are any gaps or outdated components. We can then deliver a comprehensive plan to fill the gaps or upgrade the outdated components. We have experience with several frameworks, including NIST.

In addition, we can review all of your security policies and make sure they are up to date and appropriate for your IT organization as well as all employees.

A typical organization should have between 28 and 35 separate security policies to cover IT and all employees.