Effective security depends on technology and processes.

IT audits are the most general and all-encompassing of the differing security assessments. These audits review and benchmark multiple areas of your organization to identify operational practices and systems configurations that represent risk to your sensitive information.

While many organizations are obligated to have a regular audit of their systems for compliance or regulatory purposes (such as a GLBA, HIPAA or PCI DSS audit), all organizations should perform an IT audit annually as part of an overall information security program.

Why It's Important

Information technology is a critical component of your operations, and a breach of security could cause significant damage to you and your customers. An effective information security program depends on both technology and processes.

It's vital for your organization to securely implement servers, workstations, routers and firewalls to reduce vulnerabilities and protect your sensitive information. Equally important are the policies, procedures and operational practices you use to configure, manage and operate systems.

Regular reviews of critical IT processes help your organization reduce potential risk. These reviews also provide you the opportunity to evolve your policies and procedures to better address emerging threats quickly.

Wow! Thanks a lot. When we were with a different processor, I never received this kind of feedback. Quite frankly, we never received any feedback. This gives me much more comfort with the PCI process. Thanks again!

– Rob Martini, CPA, Controller, Midwest Coin Concepts

How We Can Help

Your IT audit will be custom-tailored to your unique organization, based on your risk assessment if you have performed one. We perform hands-on security testing, review written documentation and interview key staff to examine your:

  • Internet architecture
  • Firewall and router rule sets
  • Intrusion detection and prevention
  • Configuration management and security patching
  • Network and system documentation
  • Critical servers and workstations
  • Anti-virus system
  • User accounts and access rights
  • Security event logging
  • Backup processes
  • Physical security measures
  • Vendor management
  • Separation of duties
  • Incident response planning
  • Information security policies
  • Disaster recovery and business continuity

Sikich prioritizes the results of the testing based on the ease of exploitation, potential impact and overall risk to your organization. We fully describe each finding and recommend actions to address each vulnerability.

Blog Post: Ponemon 2011 Cost of Cyber Crime Study Facts

The Ponemon Institute released its Second Annual Cost of Cyber Crime Study today, and in it detailed some interesting, and quite sobering, facts.

  • The median annualized cost of cyber crimes, sampled from 50 organizations in the study, is $5.9 million per year—up 56% from the previous study in 2010.
  • The companies included in the study experienced more than one successful attack per company per week, up 44% from the previous year's study.
  • The average time to resolve a cyber attack grew from 14 days to 18 days, and the associated costs in turn almost doubled, from $247,744 to $415,748.
  • Having a Security Information and Event Manager (SIEM) software solution in place reduced the percentage cost difference by 24%. Being able to quickly identify attacks when they happen can lower the overall cost of a cyber crime.
