Information privacy breaches and ransomware attacks are at unprecedented levels. Earney & Company Technology Risk Advisory is here to assist your organization with an independent assessment of cybersecurity. Our highly experienced and credentialed team has worked with companies of all sizes and structures as well as government entities. We can help your organization ensure best practice controls are in place, properly designed, and functioning effectively in order to avoid the business interruption, operational losses, regulatory penalties, and reputation damage that come with system compromise. Our assessment tools are mapped to most of the major information security control frameworks.
Our Cybersecurity Risk Assessment is conducted based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and we right-size our approach to your organization’s risk environment and privacy compliance requirements:
Earney & Company can perform an independent review of Cybersecurity and Privacy Compliance for Healthcare (HIPAA) as well as Financial Service Firms (SEC Reg S-P, NCUA, GLBA), Government, and Education (FERPA). Our integrated cybersecurity and privacy risk assessments are vital to trusted service organizations such as Law Firms as well. Our methodology includes a review of your vendor security agreements and Service Organization Control Reports (SOC-2 ) to help you document justifiable reliance on vendor controls. This has proven to be extremely important in the event of a key vendor breach.
We can assess the design and operating effectiveness of your Information Security controls against the NIST 800-53 family of controls / framework. This is the most widely accepted comprehensive IT security control best practice framework across Federal, State, and Municipal Governments, Government Contractors, and many industries. Our tool is designed for efficient execution and we have over 35 years of combined experience with right-sizing best practice information security controls on the team. We can perform smaller, more focused reviews as well, such as Information Asset Inventory processes or Disaster Recovery Plan readiness.
The time is now for Department of Defense vendors and subcontractors to evaluate their security posture for CMMC audit preparedness. Earney & Company can assess your CMMC Readiness and NIST 800-171 compliance position. Our efficient tool and methodology will not only ensure you are prepared for the C3PAO audit, we can also evaluate the effectiveness of your cybersecurity comprehensively. This way you establish audit readiness and ensure adequate security posture to defend against breach, intrusion, or accidental loss, regardless of what CMMC “level”is required for your organization.
How will your organization fare against a determined hacker or automated spear phishing campaign?
Earney & Company’s Red Team Assessment is a well-planned and orchestrated real-world attack that will identify gaps in your company’s security posture and enable proper correction. Our team has experience leading and performing penetration tests and vulnerability scans in diverse settings nationally. Led by an experienced CISSP, our Red Team tools are top-rated. We are confident that the process will be enlightening for your company’s leadership and will assist you in developing a culture of awareness in this accelerated threat environment. Our clients will say that our cybersecurity assessment approach is highly collaborative; we are here to help Carolina businesses ensure they are sufficiently protected and supported and to help technology professionals and senior executives alike to be successful in their efforts to protect organizational assets.
Our Red Team Assessment and Vulnerability Scan can be integrated to a comprehensive cybersecurity risk / information privacy assessment or tailored cybersecurity audit program depending on your risk profile and frameworks needs.
Our team has over 20 years of Enterprise Resource Planning (ERP) and Financial Reporting Software, as well as Electronic Medical Record (EMR) implementation assurance experience. Our approach will help avoid issues at go-live and costly errors in critical areas such as interfaces and data migration / conversion. We will ensure your critical processes are tested by system regular users to help ensure functionality and avoid surprises.
If you are preparing for a SOC 1 or 2 Audit, our team can perform a readiness assessment and create a documentation set which can dramatically reduce the audit fee and ensure you are prepared to pass with good controls when the external SOC audit team arrives.
Cyberattacks have grown exponentially in North Carolina and our nation in recent years. To help local companies and other organizations combat these threats, UNCW’s Center for Cyber Defense Education is convening a panel on August 20...read more
Cyberattacks have grown exponentially in North Carolina and our nation over recent years and are currently in an exponential growth curve. Earney & Company’s Director of Technology Risk Advisory Services Rob Duggan will be participating in a panel discussion to help Coastal Carolina organizations combat these threats.
UNCW’s Center for Cyber Defense Education is...
As 2019 came to an end, Congress passed two bills, which were then signed into law by the President. The “Consolidated Appropriations Act, 2020” and H.R. 1865, the “Further Consolidated Appropriations Act, 2020” are government funding bills that include numerous tax changes that directly affect taxpayers in past, current, and future tax years. The changes that are most likely to impact our clients are highlighted below.
The IRS and the FASB (Financial Accounting Standards Board) require non-profit corporations to present an analysis of their expenses – by function. That is, how is your organization using its resources? How much of your expenses are spent on “Management” versus “Program?” How much of your resources are used for “Fundraising” rather than “Program?” This type of analysis is required and useful for donors and lenders, but it is also a valuable tool for management.