Certified Public Accountants
& Business Consultants

Cyber Security Services

CyberSecurity_Cycle.pngIt’s a matter of when, not if, you will be impacted by a cyber security event. Cyber crime is a low-risk, high reward, endeavor for criminals, and with high enough returns it is attracting highly organized and sophisticated criminals. The attack surface available to these criminals is global, anyone connected to the internet is a potential target and with the fragmented global legal enforcement, cyber criminals often act with no fear of criminal prosecution. The increased volume and sophistication of the threats means anyone connecting to the internet must use a continuous process of assessing and addressing threats and vulnerabilities. Quickly identifying and addressing vulnerabilities, minimizes the risk of compromise and breach. RubinBrown can help organizations design, plan and preform these assessments.


Cyber Security Services from RubinBrown

RubinBrown’s Cyber Security Services team monitors emerging threats and trends, develops tools and methodologies to address them, and delivers specialized services to organizations seeking independent third party security services. CyberSecurity-Penetration-Testing-Graphic.pngOur services range from technical security testing, to high level security assessments, security compliance assessments and security consulting:

  • Cyber Security Health Checks
  • Network Penetration Testing
  • Web Application Security Assessments
  • Phishing & Social Engineering Assessments
  • Security Compliance for NIST, HIPAA, PCI DSS, FERPA, FFIEC, NCUA and many more
  • Policy and procedure assessments and updates
  • On-demand CISO Support
  • SOC2 controls readiness, consulting and attestation services

One size does not fit all. Most clients’ security requirements are unique, changing as new threats emerge and your organization grows. The Cyber Security Services leadership has decades of experience performing hundreds of projects. We have the experience and understanding to adapt our approach to your needs and requirements.

Our information security projects deliver several layers of feedback including:

  • Actionable, management and board-ready deliverables
  • Tactical and strategic recommendations customized to your environment
  • Technical details with supporting information including raw data, analysis and recommendations for knowledge transfer
  • Security compliance analysis to address the regulatory and compliance issues relevant to your environment

When is the last time you assessed your cyber security?

Do you have audit, regulatory or compliance requirements for periodic security testing?

Does your organization have critical information or systems? How are they protected?

Do you know where and how your critical data is collected, processed, stored and eventually destroyed?

Is your security awareness training effective? Do you have issues with phishing emails, ransomware or other types of social engineering?

Are your vendors held to the same security standard as you? Do you have evidence to support?

  • Certified professionals including:
    • CISSP
    • CEH
    • CISA
    • CRISC
    • ISSMP
    • ITIL
    • PMP
    • Advanced SOC for Service Organizations Certificate
  • Specialized security skills, decades of experience and a voice of reason
  • Scalable solutions for security assessments and security compliance
  • Global delivery capabilities through the Baker Tilly International network


Focus on Cyber Security: Web Application Security – Secure Your Web Application From Cyber Criminals

Web application vulnerabilities are a top target for cyber criminals. Websites, applications, servers and supporting infrastructure are exposed to the internet via web applications and thus are under constant attack. Many organizations perform network vulnerability scans on internet facing networks and systems, but often ignore web applications. The tests included in the network vulnerability scans generally do not test web applications and certainly do not perform deep vulnerability testing inside the application.


Focus on Cyber Security: Penetration Testing – Why pay someone to try and break into your network?

RubinBrown Cyber Security Center of Excellence – Security You Need to Know. Testing your cyber security on a regular basis is part of sound strategy to identify and eliminate risks in the environment. Penetration testing, or "white hat" hacking, tests the external and internal network to assess the effectiveness of controls. Whether you are demonstrating due care in addressing cyber security threats or addressing compliance requirements, penetration testing is a core component of regular security assessment efforts.


Focus on Cyber Security: Early Lessons Learned from the Equifax Breach

Powerful reminders about protecting your organization from a data breach. The Equifax breach has all the indicators of being the most costly data breach of our times. Over 143 million individuals affected, international impacts, poorly handled communications and distributing wrong information during the initial days after the announcement.


Focus on Cyber Security: Global Ransomware Attack

The WannaCry (aka WannCrypt, WannaCrypt0r 2.0 and Wcry) global ransomware attack raises significant concerns about wide scale attacks from self-propagating ransomware. It appears the initial threat has been stopped by malware researcher MalwareTech. However, the underlying threat is still present and there is consensus copycat (and better designed) attacks are imminent.


Focus on Cyber Security: Vulnerability Management

RubinBrown Cyber Security Center of Excellence – Security You Need to Know. New vulnerabilities are identified every day. Most of us have workstations set to auto-update, servers and applications are handled by the systems administrators, but there are more and more products, devices and applications in our environments. How do you track the patches and updates for all those manufacturers and providers?


Focus on Cyber Security: October is Cyber Security Awareness Month

Training Resources to Reduce your Risk. We all need security awareness training. Whether you just know it, it is required for compliance or a recent security assessment recommended it, we all know we need more security awareness training. Great News! October is National Cyber Security Awareness Month!


Focus on Cyber Security: Cyber Attest - The Changing Landscape

We are on the brink of a major shift in the cyber security landscape. Cyber attest allowing a focus on the entire cyber risk environment as well as a focus on particular systems. New proposed legislation, PCAOB discussions and new criteria from the AICPA on cyber attestation standards are all signs of impending changes that will require cyber security integration throughout the environment to provide transparency and assurance. Here are some of the proposed changes we believe could change the cyber security landscape.


Focus on Cyber Security: Protecting Against Cyber Extortion

Prevent, detect, recover and above all else prepare. Ransomware holding data hostage. Threats to release sensitive information. Disruptive denial-of-service attacks. All are extortion schemes used by cyber criminals to separate you from your money. Extortion schemes are not new, but cyber criminals are constantly looking for new ways to use our technology against us.


Focus on Cyber Security: Maintaining Security When Using Amazon Web Services

Moving data storage and processing to the cloud has been a growing trend for several years. As companies realize maintaining expensive computing infrastructure resources are no longer necessary, businesses are considering services like Amazon Web Services (AWS) to handle their infrastructure needs.


Focus on Cyber Security: U.S. Government Ramping Up on Cyber Security

The Cyber Security National Action Plan – what to expect. On the surface the news of the Cyber Security National Action Plan sounds impressive – increasing the federal government’s investment in cyber security by 35% to $19 billion and creating a Federal Chief Information Security Officer position.


Focus on Cyber Security: Your Internet Explorer Could Be Exposed

Microsoft Ending Support for Internet Explorer 8, 9 and 10.

Why do you need to care Microsoft ended support on Internet Explorer 8, 9 and 10 on January 12, 2016? We all use web browsers all the time. In fact, you may be reading this with a web browser right now. If you, or your organization, still use any of those versions of Internet Explorer you will no longer receive patches and updates, putting your system and organization at risk.