Managing Information Technology Assets Effectively
Technology brings innovation, automation, efficiency and competitive advantage to organizations; however, when such technology is not well designed, implemented and/or monitored, risks, exposures and vulnerabilities are created and achievement of business goals could be at risk.
Our Technology Risk Management professionals help our clients improve their Information Technology Operational and Control framework by assessing the risks and exposures facing their IT assets and infrastructure, and by implementing feasible and practical control activities and approaches to manage them according to each organization's risk tolerance. We look first at the business perspective and goals that are being supported by the specific IT infrastructure and analyze how the IT "Big Picture" plays a role in supporting the specific business process. In this way, IT risks and exposures are always kept in mind from the business perspective.
More and more organizations are required to protect sensitive and confidential data and to demonstrate compliance in doing so. Our professionals have extensive experience assisting organizations in the implementation of effective activities and controls to protect data and information. We have hands-on experience assisting clients in becoming and remaining compliant with SOX 404, HIPAA, PCI DSS, TAC 202 and other laws, regulations and standards requiring effective implementation of controls to ensure data requirements are fulfilled (confidentiality, accuracy, compliance, reliability and availability).
Our Technology Risk Management professionals have an average of fifteen years of experience and maintain professional certifications such as CISSP, CISA, CRISC and CISM. We have developed formal methodologies that take into consideration generally accepted control frameworks such as CobiT4, COSO, ITIL, TAC 202 and ISO.
ERGO Consulting Group delivers the service approach that best fulfills our clients' needs. We can provide complete solutions and manage your projects, or we can provide seasoned professionals to complement our clients' teams and work under their supervision. Regardless of the delivery approach, our proven capabilities include:
· IT Risk Assessments
· IT Compliance (SOX, HIPAA, TAC 202, GLBA, PCI DSS, etc.)
· Development of IT Governance and Control Frameworks (CobiT/ITIL)
· Development of IT Policies, Procedures and Standards
· Change Control & SDLC Assessments
· System Security, Computer Operations and Data Centers Reviews
· Assessment of ERPs and Automated Applications (SAP, Oracle, PeopleSoft, etc.)
· Development of Pre and Post System Implementation Reviews
· Data Conversions and System Upgrades Assessments
· IT Due Diligence for Mergers & Acquisitions
· Database Security Review
· Operating Systems Security Review (Unix, Windows, Linux, etc.)
· LAN/WAN Reviews
· SOC Readiness Reviews
· Web Application Security
· Disposition of IT Assets
· Attack and Penetration Assessments
· Threat and Vulnerability Assessments
· Continuous Monitoring
· IT Processes Improvement
· Project Management Office (PMO)
· Business Continuity and Disaster Recovery Planning
· Staff Augmentation