BKD Cyber Services


BKD Cyber Professionals Work Smarter to Help Protect Your Organization

In today’s increasingly connected world, your organization faces a number of threats and risks. A cyberattack could occur anytime and expose your company’s vital information, result in a theft or introduce malware into your organization. The BKD Cyber team can help you develop a plan to protect against unforeseen attacks. Whether you want to prepare for the worst, respond to a breach or remedy weaknesses in your systems, BKD is ready to assist.

Advisory and Training Services

Virtual Chief Information Officer (vCIO) Advisor Services

Need a Chief Information Officer (CIO)? BKD’s virtual CIO advisor services can assist with IT strategic planning, disaster recovery planning and testing, and more. In today’s fast-paced environment of technological change, significant opportunities exist for organizations to stay ahead, or get ahead, of marketplace conditions while leveraging technology as a strategic advantage. However, investing in hiring, training, and retaining a dedicated chief information officer (CIO) can be prohibitive and difficult to justify. BKD can help.


BKD vCISO Advisor Services

Cybersecurity threats and data breaches are occurring every day with increasing frequency, and their pervasiveness, severity, and sophistication continue to rise. However, the leadership investment in this area is difficult for most organizations because of the cost of employing a dedicated chief information security officer (CISO). This role is often cost prohibitive and difficult to justify for most small to midsize businesses. This is where BKD Cyber can step in. Our virtual CISO (vCISO) services give you access to highly experienced security resources, help reduce stress and provide substantial value to your business. BKD’s vCISO advisors can help you navigate the existing threat landscape and seek solutions to help you keep your business and customers safe.

Business Continuity Planning

During times of crisis, businesses must continually adapt how they conduct themselves. It’s times like these when an organization is tested. Our business continuity planning services can help you develop or improve your existing business continuity, disaster recovery, and pandemic plans and related strategies to help ensure operational resiliency when you need it the most. If you weren’t prepared to handle the drastic changes and challenges due to COVID-19, BKD Cyber can help.

Cybersecurity Awareness Training

Cybersecurity training is vital to help employees protect themselves and the company against cyberattacks and threats. Employees equipped with the right mindset and knowledge can identify and eliminate most cyberthreats and strengthen your frontline defenses. BKD Cyber offers a variety of training solutions to meet your various needs. These are often accomplished by on-site training sessions, webinars with live Q&A, virtual roundtables, and phishing simulations. We bring our national expertise and insight into these sessions to give you real-world examples, case studies, and lessons learned.

Proactive Control Testing & Security Assessments

IT Audits & General Control Testing (SOX & IT Operations)

IT audits and general control testing evaluate your institution’s control environment based on current policies, applicable law, regulations or guidelines. Our tests can help assess your ability to safeguard assets, maintain data integrity and effectively achieve security objectives. Below are some of the tests our BKD Cyber professionals can perform for you:

  • FFIEC – Information Technology (IT) General Control Testing
  • GLBA – Information Security Control Testing
  • FDICIA IT Key Control Testing
  • SOX IT Key Control Testing
  • Customized IT Internal Audit Control Testing

Cybersecurity Risk Assessment & CFAT

A cybersecurity (or information security) risk assessment can mean a number of things. Below are some of the assessments our BKD Cyber professionals can customize and perform for you:

  • FFIEC Cybersecurity Assessment for Financial Institutions
  • NIST Cybersecurity Framework Assessment
  • Information Security Risk Assessment
  • Gap Analysis and/or Validation Assessment
  • HIPAA Security (NIST SP 800-66)

Other specific risk assessments our team can offer include the following:

DFARS (NIST SP 800-171)
BKD can help by assisting you to (1) identify missing controls that are required to bring company policies and procedures into compliance with Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, Federal Acquisition Regulation (FAR) 252.204.21, and/or NIST SP 800-171 requirements; (2) identify gaps in the design of existing controls; and (3) provide practical recommendations to close each identified gap.

Cybersecurity Framework Assessment Tool (CFAT)
BKD CFAT is a licensed web-based cybersecurity framework assessment tool that leverages various industry and regulatory risk frameworks to help assess both inherent and residual cybersecurity risks to organizations.


Cybersecurity Maturity Model (CMMC) Readiness
BKD can help you prepare for CMMC Certification (up to Level 3) by (1) identifying missing controls that are required to bring company policies and procedures into compliance with CMMC practice requirements; (2) identifying gaps in the design of existing controls; and (3) providing practical recommendations to close each identified gap.

 

Penetration & Vulnerability Testing

Technology infrastructure is the backbone of your organization. Some of the penetration tests we can perform include:

  • BKD Red Team
    • This exercise is an effective way to assess how a real-world breach could affect your organization and train your security team to more rapidly respond to a cyber incident.

  • Network – Internal and/or External
  • Social Engineering – Phishing, Pre-Text Calling, and In-Person
  • Web Applications
  • Cloud Services Pen Testing
  • Wireless Networks

 

Access Analyzer

You’re running your organization with the help of Microsoft Dynamics GP but may have concerns about employee access. An employee with too much access can pose a risk to your organization. Separating conflicting duties and making sure employees have only the access they need to do their jobs is crucial.

That’s why BKD developed Access Analyzer GP—an interactive, one-screen dashboard that helps identify conflicts in duties throughout your financial system. 


BKD WhiteHat Services

Drawing on extensive cybersecurity expertise, BKD WhiteHat Services helps give you peace of mind by combating black hat threats and guiding you through the necessary steps to address cyberthreats. With this monthly subscription, you’ll have access to a full suite of cybersecurity services, including a subscription to IntegraReport™—BKD’s fraud hotline service that can be used to report cyber incidents.

Regulatory Compliance & Privacy

Privacy Services

Our privacy services evaluate your organization’s needs to comply with applicable privacy laws, your policies and procedures, and your methods to demonstrate compliance. Our services can help you assess your ability to comply with international, state, and local privacy laws that may affect your business. BKD Cyber professionals in our privacy practice can help you with:

  • General Data Protection Regulation (GDPR) Compliance
  • California Consumer Privacy Act (CCPA) Compliance
  • Data Risk Assessment
  • Privacy Office Assessment
  • Data Mapping Services
  • Privacy Consulting

Model Risk Management

As part of BKD’s IT Risk Services division, BKD’s model risk management (MRM) advisory services team works with clients to help ensure their MRM program is designed to satisfy all regulatory requirements and the institution properly manages all areas of model risk. Our professionals have extensive industry experience in MRM program development and oversight, accompanied by expertise in data analytics, statistical analysis, and data mining used in the development of artificial intelligence and machine learning technology. Below are some of the services our MRM advisory services team can provide:

  • MRM Program Assessments
  • Model Validations
  • Model Tuning and Calibration
  • MRM Internal Controls Assessments

Model Validations

Our model validation services provide “effective challenge” to determine if a model is performing as expected and is in line with the design objectives and business uses.

Our model validation consists of three elements:

  • Evaluation of conceptual soundness
  • Ongoing monitoring
  • Outcomes analysis (as applicable)

Our model validation services include vendor models and other third-party products if deemed within the MRM program scope for validation. Examples include, among others:

  • Global Vision Patriot Officer (BSA)
  • Verafin (BSA)
  • Abrigo BAM+ (BSA)
  • Abrigo/Sageworks (CECL)

Regulatory Compliance

Regulations affect almost every industry. Below are some of the key areas we can help assess based on your organization’s requirements:

  • GLBA/FFIEC/InTREx – Financial Institutions
  • GLBA – Higher Education
  • HIPAA – Healthcare
  • DFARS
  • NIST 800-53, 800-171
  • ISO 27001

Payment Card Industry (PCI) Compliance

PCI Attestation: Any organization that accepts credit or debit card payments is subject to Payment Card Industry (PCI) compliance. As a qualified security assessor company, BKD can assist you with an independent annual assessment. Whether it’s a Report on Compliance (ROC) or Self-Assessment Questionnaire (SAQ), our team can help you complete your report and Attestation of Compliance (AOC).

PCI Readiness: For businesses that are uncertain of their PCI compliance, BKD Cyber provides advisory services through a readiness assessment. This involves evaluating your current environment against the applicable PCI requirements for your organization to help you see where you stand against the current PCI Data Security Standard.

SOC Attest Services

SOC for Cybersecurity

BKD Cyber professionals can assist with SOC for Cybersecurity, a voluntary reporting framework that can help communicate relevant information about your risk management program and its effectiveness. This information can help senior management, boards of directors, analysts, investors, and business partners gain a better understanding of organizations’ efforts.


Preparation & Response Services

Incident Response Plan Development

BKD Cyber professionals can help you assess the strength of your incident response program. We can assist in developing your custom incident response plan or test your existing plan against cyberthreat scenarios—allowing your organization to stay current in its effort to mitigate the effect of an attack.

Incident Response Plan Training Services

Incident response plan training is designed to educate your team on how to appropriately respond to an attack or significant event. BKD Cyber offers a specific training course to meet this need. This is often accomplished by on-site training sessions, webinars with live Q&A, virtual roundtables, and phishing simulations. We bring our national expertise and insight into these sessions to give you real-world examples, case studies, and lessons learned.

Incident Response Post-Breach Assessment

BKD Cyber can provide support if your organization faces a cyberattack. This includes providing computer forensic services to assess the effect and following the entire chain of custody process to appropriately handle media throughout the investigation process.

How can we help you?

Whether you need help mitigating potential threats or tackling an active cyber breach, we have a dedicated team of professionals ready to assist.