Technology touches every aspect of your business, from financial systems, to your smart device, to the computers on your employees’ desks. It’s critical that you manage and mitigate your risk around technology in order to safeguard your assets.
Clark Nuber can help. We will work alongside your organization to prepare and deliver IT services that are leverageable, repeatable, transferable, and sustainable for your management team and your external requirements.
Our services include:
Certification and Attestation
Clark Nuber can prepare any of the three SOC reports. These reports are appropriate for organizations that perform a financial reporting function or handle sensitive information. This includes financial institutions, retirement plan record keepers, payroll service providers, data centers, Internet service providers (ISPs), Software as a Service (SaaS) providers, and more.
Our services include:
- Gap analysis – Clark Nuber can help you assess the range and quality of controls in your organization prior to a SOC reporting examination. By addressing gaps, you can increase your compliance with the reporting standards and get a better result from the examination.
- SOC 1 (SSAE 16): Tests of internal controls over a financial reporting function.
- SOC 2: Tests the operation of your controls against the five areas of the Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy.
- SOC 3: An engagement which produces a report in the form of an executive summary that outlines information related to a service organization’s internal controls across their chosen trust service principles.
Penetration Testing Services
A phishing attack is a fraudulent attempt by hackers to obtain sensitive information by disguising themselves as someone you may know. It often takes the form of an email cleverly manipulated to appear as though a manager or colleague sent it. The email will usually contain a link to malicious programming, or instructions for the employee to wire money or mail gift cards to someone.
Awareness and training are the best defense against these phishing attacks. To begin establishing defenses in your organization, Clark Nuber performs a benign phishing attack to draw attention to weak points in your security. We operate just as potential hackers would when setting up our phishing attack. This real-world experience creates awareness and offers immersive training to your employees on how to spot suspicious requests.
Simulating a real-world cyber attack is the best way to discover your company’s vulnerability. Known in the industry as a Penetration Test, this benign hack of your organization is the only way to see beforehand where your defenses are effective and where lapses could occur that endanger your organization. Penetration testing will give you the answers to improve your security.
Our trusted experts will perform:
- Reconnaissance: Gather evidence and data on the target using leading techniques.
- Vulnerability Scanning and Penetration: Look for vulnerabilities and attempt to exploit them.
- Provide a Final Report: This will be designed for both executive management and technical IT departments.
IT Audit and Assurance
A cybersecurity program governs the management of your information systems. It is a business process, not just a technology one. A strong cybersecurity program will keep your assets secure from threats, and it involves a cost vs. benefit decision on how to optimize – not maximize – security spend. To ensure that your cybersecurity spend and effectiveness are optimized, we recommend adopting a security framework and customizing it to your organization, based on risk.
As part of our Cybersecurity Program Assessment, our professionals will perform an organization-wide review of your security processes and practices. We leverage various control frameworks, such as the NIST Cybersecurity Framework or the CIS-20 framework. We’ll also ask questions, such as:
- Have you identified your meaningful assets and threats?
- Have you applied adequate security tools (e.g., anti-malware)?
- If you got breached, would you know about it?
- If you got breached, do you know how to respond (i.e., execute incident response)?
- If you got breached, do you know how to recover your data and processes?
It takes a whole suite of controls to run a business, but time brings changes to how business is conducted, and business processes and supporting IT systems need to adapt before controls become inefficient or outdated.
We can take an all-inclusive look at your finance and IT internal control landscape and streamline each process so you get maximum leverage from the design and operation of both manual and system-based controls. The outcome: a Risk & Control Matrix (RCM) document and testing work book that give you a simple and practical dashboard to help manage your business.
Clark Nuber has a range of reports such as current state vs. future state gap reports, control mapping, IT compliance readiness assessments, and process re-engineering or improvement reviews to help your organization achieve the next level of strategic growth.
Third Party Vendor Management
Certain Microsoft suppliers that collect, use, distribute, access, or store Microsoft Personal Information or Confidential Information will need independent, third-party confirmation of compliance with the Microsoft Supplier Data Protection Requirements.
If you qualify for this third-party confirmation requirement, Clark Nuber can help. We are on the Microsoft Preferred Assessor List and have conducted more than 200 assessments. Our team performs the examinations in accordance with attestation standards established by the American Institute of Certified Public Accountants. At the end of the engagement, you will be provided a Letter of Attestation as proof of compliance.
As a critical business supplier and partner, you may collect, use, distribute, access, or store your client’s information. Your client may send you a security questionnaire to validate how you’re managing this information. Our team is available to assess your environment and collect the necessary information to respond to these questionnaires.
Cybersecurity is on everyone’s mind, and for good reason. According to Keeper Security and the Ponemon Institute, roughly two-thirds of SMBs suffered some form of cyber attack in 2018. This number, and the attacks’ frequency and complexity, are only expected to increase.
Clark Nuber’s professionals stay on top of the latest trends and topics and know how to keep your organization secure. We are available to provide live trainings and demonstrations to your staff about the importance of cybersecurity. Our topics include, but are not limited to, securing passwords, social engineering, data security, and protection from malware.
Clark Nuber is committed to establishing a trusted IT consulting relationship with our clients, providing exceptional technology capability and strong business and IT process insights. We promote a highly collaborative and transparent work product that is supported by a project management style to deliver up-front recommendations. Our aim is to help you identify and mitigate the risks your organization is facing so you can capitalize on the opportunities in front of you.