Cybersecurity & Privacy Advisory Services

Cybersecurity risk evolves at a staggering speed. A global effort is underway to ensure the privacy of personal data and to protect it from cyber threats. At PKF O’Connor Davies, we engineer tailored solutions and risk assessment frameworks that holistically safeguard system, network and data resources. We help prepare for cyber intrusion incident response and deliver end-user cyber and privacy awareness education.

Engineering a high level of security awareness is key to protecting against hacking and cyber fraud.

A Sophisticated, Systematic Approach

Highly-qualified and deeply knowledgeable, our cybersecurity and privacy professionals serve as trusted advisors, helping businesses protect networks, computers, programs and data from attack, damage or unauthorized access. Our systematic approach is centered on our sophisticated, proprietary process for measuring the security of IT environments. This proven process results in a robust report that includes findings and recommendations for strengthening our clients’ cybersecurity and privacy programs.

Skilled at developing practical solutions that leverage existing resources for remediating deficiencies, our specialists ensure findings are clearly understood; they discuss issues that can be easily remediated and security opportunities that can be proactively implemented. When more problematic risk scenarios arise, they customize solutions to protect multi-layered systems and those with large amounts of confidential, financial, health and other personal data.

The Advantages We Deliver:

  • Profound Expertise – Principals and team members have strong foundations and accreditations in all aspects of information technology, privacy and cybersecurity. Constantly abreast of existing and potential threats and evolving regulations, our specialists serve as a single point of contact for all interactions, assuring heightened service and sensible cost efficiencies.

  • “Complete Perspective” Approach – PKF O’Connor Davies has significant experience in working with industries across all sectors. In addition to having cybersecurity, privacy and IT operational specialists assigned to the engagement, industry specific experts are also assigned to ensure that your operations are understood at a level no exclusive cybersecurity/IT audit firm could offer.

  • Scenario-Specific Solutions – To address all areas of cyber risk, we tailor programs to target a broad range of specific vulnerabilities. Because every organization is unique in its information security exposure and requirements, before any engagement begins we ensure that we understand the information security risks specific to the business model and the resources available to address them.

  • Knowledge Transfer – We have learned over the years that a key component to any engagement is the knowledge transfer that can be imparted throughout the engagement. Our goal is to educate those involved with the engagement so that they have an in-depth understanding of how risks are identified and quantified. We help to ensure that stakeholders have an understanding of our recommendations and how they will be effective in mitigating those risks.

  • Clear, Critical Communications –Information technology and cybersecurity have “languages” all their own. Our specialists understand both the complexities and nuances of advanced technology and are adept at translating these clearly. As a result, they are able to foster sound decision-making by senior management and board members.

  • Security and Privacy Awareness Support – Engineering a high level of security and privacy awareness is one of the most effective steps in protecting against cyber-attacks and handling personal information. Armed with in-depth knowledge of our clients’ organizations and operations, our specialists develop internal education programs that address specific needs, reflect employee populations, abilities and time constraints. Through these education programs, employees acquire an enhanced perception of cybersecurity and privacy and their own roles in protecting the organization and its data.

Comprehensive, Tailored Solutions

Our Cybersecurity & Privacy Advisory Services include:

  • Cybersecurity Risk Assessments
  • Vulnerability Assessments and Scanning
  • Threat Modeling
  • Network and Web Application Penetration Testing
  • Virtual Chief Information Security Officer (vCISO)
  • Social Engineering Campaigns
  • Security and Privacy Awareness Training
    • Customized Instructor-Led or Web-Based
  • Privacy Impact and Gap Assessments
  • Privacy Notice Development and Review
  • Privacy Regulation Compliance Support
    • General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • Family Education Rights and Privacy Act (FERPA)
  • Plan Development and Review
    • Incident Response
    • Disaster Recovery
    • Business Continuity
  • Forensic Data Acquisition and Analysis
  • Server/PC/Laptop/Cloud/Mobile Devices
  • NIST Information and Cyber Security Framework Assessments
  • HIPAA Security Rule Compliance Reviews and Risk Assessments
  • PCI-DSS Gap Analysis and Scope Reduction Assessments
  • SEC OCIE Cyber Security Assessments
  • FFIEC Cyber Security Assessment
  • NY DFS Cyber Security Assessments and Compliance (23 NYCRR Part 500)
  • ISO 27001 Framework Assessments
  • Configuration Reviews
  • IT Governance Development and Business Strategic Alignment
  • Policy and Procedure Development