Technology Risk Advisory Services

Information privacy breaches and ransomware attacks are at unprecedented levels. Earney & Company Technology Risk Advisory is here to assist your organization with an independent assessment of cybersecurity. Our highly experienced and credentialed team has worked with companies of all sizes and structures as well as government entities. We can help your organization ensure best practice controls are in place, properly designed, and functioning effectively in order to avoid the business interruption, operational losses, regulatory penalties, and reputation damage that come with system compromise. Our assessment tools are mapped to most of the major information security control frameworks.

Our Cybersecurity Risk Assessment is conducted based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and we right-size our approach to your organization’s risk environment and privacy compliance requirements:

• Consists of scoping the organization’s technology assets, endpoints, and evaluating the design of security controls in place against the NIST CSF Framework detail elements and best practice.
• Control improvements for any identified gaps are recommended based on best practices in each area, for each element, with respect to organizational complexity and efficiency.
• Provides Executive Management and IT with a prioritization of any security gaps identified along with improvement recommendations. This can serve as a virtual blueprint for your annual security planning process.
• The cybersecurity risk assessment provided will help ensure the organization remains in step with industry regulatory privacy requirements, which are integrated to our programs
• Our process includes a review of vendor security controls via examination of Service Organization Control Reports (SOC) as well as any Business Associate Agreements (HIPAA) and Master Service Agreements (MSA) / Service Level Agreements (SLAs) to help ensure your reliance on vendor security is justifiable.

Information Privacy Regulatory Compliance

Earney & Company can perform an independent review of Cybersecurity and Privacy Compliance for Healthcare (HIPAA) as well as Financial Service Firms (SEC Reg S-P, NCUA, GLBA), Government, and Education (FERPA). Our integrated cybersecurity and privacy risk assessments are vital to trusted service organizations such as Law Firms as well. Our methodology includes a review of your vendor security agreements and Service Organization Control Reports (SOC-2 ) to help you document justifiable reliance on vendor controls. This has proven to be extremely important in the event of a key vendor breach.

NIST 800-53 Controls Review and Audit Readiness

We can assess the design and operating effectiveness of your Information Security controls against the NIST 800-53 family of controls / framework. This is the most widely accepted comprehensive IT security control best practice framework across Federal, State, and Municipal Governments, Government Contractors, and many industries. Our tool is designed for efficient execution and we have over 35 years of combined experience with right-sizing best practice information security controls on the team. We can perform smaller, more focused reviews as well, such as Information Asset Inventory processes or Disaster Recovery Plan readiness.

CMMC / NIST 800-171 Readiness

The time is now for Department of Defense vendors and subcontractors to evaluate their security posture for CMMC audit preparedness. Earney & Company can assess your CMMC Readiness and NIST 800-171 compliance position. Our efficient tool and methodology will not only ensure you are prepared for the C3PAO audit, we can also evaluate the effectiveness of your cybersecurity comprehensively. This way you establish audit readiness and ensure adequate security posture to defend against breach, intrusion, or accidental loss, regardless of what CMMC “level”is required for your organization.

Red Team Assessments – Penetration Testing – Vulnerability Scanning

How will your organization fare against a determined hacker or automated spear phishing campaign?

Earney & Company’s Red Team Assessment is a well-planned and orchestrated real-world attack that will identify gaps in your company’s security posture and enable proper correction. Our team has experience leading and performing penetration tests and vulnerability scans in diverse settings nationally. Led by an experienced CISSP, our Red Team tools are top-rated. We are confident that the process will be enlightening for your company’s leadership and will assist you in developing a culture of awareness in this accelerated threat environment. Our clients will say that our cybersecurity assessment approach is highly collaborative; we are here to help Carolina businesses ensure they are sufficiently protected and supported and to help technology professionals and senior executives alike to be successful in their efforts to protect organizational assets.

Our Red Team Assessment and Vulnerability Scan can be integrated to a comprehensive cybersecurity risk / information privacy assessment or tailored cybersecurity audit program depending on your risk profile and frameworks needs.

System Implementation Assurance

Our team has over 20 years of Enterprise Resource Planning (ERP) and Financial Reporting Software, as well as Electronic Medical Record (EMR) implementation assurance experience. Our approach will help avoid issues at go-live and costly errors in critical areas such as interfaces and data migration / conversion. We will ensure your critical processes are tested by system regular users to help ensure functionality and avoid surprises.

SOC Readiness

If you are preparing for a SOC 1 or 2 Audit, our team can perform a readiness assessment and create a documentation set which can dramatically reduce the audit fee and ensure you are prepared to pass with good controls when the external SOC audit team arrives.