A complete cybersecurity audit validates that what a policy or documented control says is happening is actually happening, and that a control mechanism is in place to enforce it. Our team of audit, cyber, and IT professionals provides an overall assessment of the organization's cybersecurity practices and controls, both physical and non-physical, and identifies the gaps in them that could lead to a compromise.
A compliance audit is an independent evaluation of whether an organization is following external laws, rules, and regulations, or internal guidelines such as corporate bylaws, controls, and policies and procedures. It may also determine whether an organization is conforming to an agreement, such as the conditions attached to government or other funding, and it may cover IT and other security issues, compliance with HR laws, quality management systems, and other areas. Our team of professionals assesses the overall effectiveness of your organization's compliance practices and protocols.
Cybersecurity Risk Assessments
Risk, measured in terms of impact and likelihood, is the possibility of an event occurring that will affect the achievement of objectives. A risk assessment is a systematic process for identifying, evaluating, and prioritizing the risks and threats, internal or external, facing your organization. Our cybersecurity risk assessment identifies threats that could affect the confidentiality, integrity, and availability of systems and data, and the safety of people, connected devices, and the physical environment.
Our goal is to assist in identifying and evaluating those risks and in building a roadmap that helps any organization create a culture of cybersecurity awareness and implement the safeguards necessary to secure its data. When performing a risk assessment, we take a holistic approach, assessing policies, assets, workflows, and value streams so that the results are comprehensive and clear. When the assessment is complete, the organization has a better understanding of how well its defenses hold up against malicious attacks.
The Department of Defense is introducing a new standard, the Cybersecurity Maturity Model Certification (CMMC). It builds on the NIST SP 800-171 controls that DoD contractors already have to meet and was expected to begin appearing in DoD contract requirements in late 2020. The CMMC combines various cybersecurity standards and best practices and maps their controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, reduce risk against a specific set of cyber threats.
Unlike the existing NIST SP 800-171 regime, the CMMC has no self-attestation component: every organization that does business with the Department of Defense will have to pass an assessment by an authorized third-party assessment organization before bidding on a contract or subcontracting to a prime. Stetson can help you prepare for and achieve certification under the new CMMC model.