BKD Cyber Services

BKD Cyber Professionals Work Smarter to Help Protect Your Organization

In today’s increasingly connected world, your organization faces a number of threats and risks. A cyberattack could occur anytime and expose your company’s vital information, result in a theft, or introduce malware into your organization. The BKD Cyber team can help you develop a plan to protect against unforeseen attacks. Whether you want to prepare for the worst, respond to a breach, or remedy weaknesses in your systems, BKD is ready to assist.

Managed Security Services

BKD Cyber 24/7 Managed Security Services

BKD Cyber 24/7 Managed Security Services (Powered by Overwatch) brings a proactive approach to threat detection and response, centralizing enterprise-wide security management in one location and offering end-to-end monitoring services across your organization. This helps your security teams efficiently respond to threats and identify critical events before data is stolen or damage is done. Service provided by High Wire Networks, Inc.

Advisory & Training Services

Virtual Chief Information Officer (vCIO) Advisor Services

Need a chief information officer (CIO)? BKD’s virtual CIO advisor services can assist with IT strategic planning, disaster recovery planning and testing, and more. In today’s fast-paced environment of technological change, significant opportunities exist for organizations to stay ahead, or get ahead, of marketplace conditions while leveraging technology as a strategic advantage. However, investing in hiring, training, and retaining a dedicated CIO can be prohibitive and difficult to justify. BKD can help.

Virtual Chief Information Security Officer (vCISO) Advisor Services

Lacking a chief information security officer (CISO)? BKD’s virtual CISO services can help provide security-based guidance on business continuity management, evaluate security incidents, develop information security awareness training and education programs, and more.

Business Continuity Planning

During times of crisis, businesses must continually adapt how they conduct themselves. It’s times like these when an organization is tested. Our business continuity planning services can help you develop or improve your existing business continuity, disaster recovery, and pandemic plans and related strategies to help ensure operational resiliency when you need it the most. If you weren’t prepared to handle the drastic changes and challenges due to COVID-19, BKD Cyber can help.

Cybersecurity Awareness Training

Cybersecurity training is vital to help employees protect themselves and the company against cyberattacks and threats. Employees equipped with the right mindset and knowledge can identify and eliminate most cyberthreats and strengthen your frontline defenses. BKD Cyber offers a variety of training solutions to meet your various needs. These are often accomplished by on-site training sessions, webinars with live Q&A, virtual roundtables, and phishing simulations. We bring our national expertise and insight into these sessions to give you real-world examples, case studies, and lessons learned.

Proactive Control Testing & Security Assessments

HITRUST Solutions

Many healthcare clients are being required by partners, consumers, and other businesses to prove the security around the protected health information (PHI) they receive, store, and use. HITRUST provides industry standardization to evaluate healthcare organizations and the security of their PHI.

Our readiness services are designed to help management identify the appropriate HITRUST assessment for the business and prepare for the HITRUST examination. BKD Cyber can provide training, education, samples, and guidance to assist management in understanding the basis of the HITRUST report and the expectations for management when moving into the actual assessment work.

BKD offers various HITRUST solutions to help meet your organization’s needs:

  • HITRUST Readiness Assessment – This assessment is designed to help evaluate how closely an organization’s control environment aligns to the HITRUST CSF.
  • HITRUST Validated Assessment – This assessment will result in the issuance of two reports: the HITRUST CSF Validated Assessment Report and the NIST Cybersecurity Framework Report. A letter of either validation or certification also will be issued based on the assessment’s scoring.
  • HITRUST Interim Assessment – This assessment is only required for certified reports and must be submitted no later than the one-year anniversary date of the original certification.

Ransomware Risk Assessment

BKD Cyber’s ransomware risk assessment aims to identify control weaknesses and vulnerabilities that ransomware actors can exploit. Our methodology focuses on testing a variety of controls, including remote access configuration, phishing prevention, email and web protections, access controls, endpoint monitoring, end-user awareness, and backup resiliency. At the end of our assessment, we will provide you with our findings and recommendations to help your organization prevent, detect, and ultimately respond to a ransomware attack.

FedLine Assessment Services

FedLine Assessment Services can help you comply with the Federal Reserve Banks’ Security and Resiliency Assurance Program.

IT Audits & General Control Testing (SOX & IT Operations)

IT audits and general control testing evaluate your institution’s control environment based on current policies and applicable laws, regulations, or guidelines. Our tests can help assess your ability to safeguard assets, maintain data integrity, and effectively achieve security objectives. Below are some of the tests our BKD Cyber professionals can perform for you:

  • FFIEC – Information Technology (IT) General Control Testing
  • GLBA – Information Security Control Testing
  • FDICIA IT Key Control Testing
  • SOX IT Key Control Testing
  • Customized IT Internal Audit Control Testing

Cybersecurity Risk Assessment & CFAT

A cybersecurity (or information security) risk assessment can mean a number of things. Below are some of the assessments our BKD Cyber professionals can customize and perform for you:

  • FFIEC Cybersecurity Assessment for Financial Institutions
  • NIST Cybersecurity Framework Assessment
  • Information Security Risk Assessment
  • Gap Analysis and/or Validation Assessment
  • HIPAA Security (NIST SP 800-66)

Other specific risk assessments our team can offer include the following:

DFARS (NIST SP 800-171)
BKD can help by assisting you to (1) identify missing controls that are required to bring company policies and procedures into compliance with Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, Federal Acquisition Regulation (FAR) 252.204.21, and/or NIST SP 800-171 requirements; (2) identify gaps in the design of existing controls; and (3) provide practical recommendations to close each identified gap.

Cybersecurity Framework Assessment Tool (CFAT)
BKD CFAT is a licensed web-based cybersecurity framework assessment tool that leverages various industry and regulatory risk frameworks to help assess both inherent and residual cybersecurity risks to organizations.

Cybersecurity Maturity Model (CMMC) Readiness
BKD can help you prepare for CMMC Certification (up to Level 3) by (1) identifying missing controls that are required to bring company policies and procedures into compliance with CMMC practice requirements; (2) identifying gaps in the design of existing controls; and (3) providing practical recommendations to close each identified gap.


Penetration & Vulnerability Testing

Technology infrastructure is the backbone of your organization. Some of the penetration tests we can perform include:

  • BKD Red Team
    • This exercise is an effective way to assess how a real-world breach could affect your organization and train your security team to more rapidly respond to a cyber incident.
  • Network – Internal and/or External
  • Social Engineering – Phishing, Pre-Text Calling, and In-Person
  • Web Applications
  • Cloud Services Pen Testing
  • Wireless Networks


Password Assessment

To help identify the network password strength for Active Directory accounts, we will test all user database files and encrypted passwords. Through use of advanced software, password databases, dictionary tables, and dedicated password-cracking hardware, we will attempt to crack weak (or known) passwords that could be exploited by an attacker. We will present all results in an executive-friendly report for analysis and training support.

Access Analyzer

You’re running your organization with the help of Microsoft Dynamics GP but may have concerns about employee access. An employee with too much access can pose a risk to your organization. Separating those conflicts of duties and making sure employees only have the access they need to do their jobs is crucial.

That’s why BKD developed Access Analyzer GP—an interactive, one-screen dashboard that helps identify conflicts in duties throughout your financial system. 

BKD WhiteHat Services

Drawing on extensive cybersecurity expertise, BKD WhiteHat Services helps give you peace of mind by combating black hat threats and guiding you through the necessary steps to address cyberthreats. With this monthly subscription, you’ll have access to a full suite of cybersecurity services, including a subscription to IntegraReport™—BKD’s fraud hotline service that can be used to report cyber incidents.

Regulatory Compliance & Privacy

Privacy Services

Our privacy services evaluate your organization’s needs to comply with applicable privacy laws, your policies and procedures, and your methods to demonstrate compliance. Our services can help you assess your ability to comply with international, state, and local privacy laws that may affect your business. BKD Cyber professionals in our privacy practice can help you with:

  • General Data Protection Regulation (GDPR) Compliance
  • California Consumer Privacy Act (CCPA) Compliance
  • Data Risk Assessment
  • Privacy Office Assessment
  • Data Mapping Services
  • Privacy Consulting

Model Risk Management

As part of BKD’s IT Risk Services division, BKD’s model risk management (MRM) advisory services work with clients to help ensure their MRM program is designed to satisfy all regulatory requirements and the institution properly manages all areas of model risk. Our professionals have extensive industry experience in MRM program development and oversight, accompanied by expertise in data analytics, statistical analysis, and data mining used in the development of artificial intelligence and machine learning technology. Below are some of the services our MRM advisory services team can provide:

  • MRM Program Assessments
  • Model Validations
  • Model Tuning and Calibration
  • MRM Internal Controls Assessments

Model Validations

Our model validation services provide “effective challenge” to determine if a model is performing as expected and is in line with the design objectives and business uses.

Our model validation consists of three elements:

  • Evaluation of conceptual soundness
  • Ongoing monitoring
  • Outcomes analysis (as applicable)

Our model validation services include vendor models and other third-party products if deemed within the MRM program scope for validation. Examples include, among others:

  • Global Vision Patriot Officer (BSA)
  • Verafin (BSA)
  • Abrigo BAM+ (BSA)
  • Abrigo/Sageworks (CECL)

Regulatory Compliance

Regulations affect almost every industry. Below are some of the key areas we can help assess based on your organization’s requirements:

  • GLBA/FFIEC/InTREx – Financial Institutions
  • GLBA – Higher Education
  • HIPAA – Healthcare
  • NIST 800-53, 800-171
  • ISO 27001

Payment Card Industry (PCI) Compliance

PCI Attestation: Any organization that accepts credit or debit card payments is subject to Payment Card Industry (PCI) compliance. As a qualified security assessor company, BKD can assist you with an independent annual assessment. Whether it’s a Report on Compliance (ROC) or Self-Assessment Questionnaire (SAQ), our team can help you complete your report and Attestation of Compliance (AOC).

PCI Readiness: For businesses that are uncertain of their PCI compliance, BKD Cyber provides advisory services through a readiness assessment. This involves evaluating your current environment against the applicable PCI requirements for your organization to help you see where you stand among the current PCI Data Security Standard.

SOC Attest Services

SOC for Cybersecurity

BKD Cyber professionals can assist with SOC for Cybersecurity, a voluntary reporting framework that can help communicate relevant information about your risk management program and its effectiveness. This information can help senior management, boards of directors, analysts, investors, and business partners gain a better understanding of organizations’ efforts.

Preparation & Response Services

Incident Response Plan Development

BKD Cyber professionals can help you assess the strength of your incident response program. We can assist in developing your custom incident response plan or test your existing plan against cyberthreat scenarios—allowing your organization to stay current in its effort to mitigate the effect of an attack.

Incident Response Plan Training Services

Incident response plan training is designed to educate your team on how to appropriately respond to an attack or significant event. BKD Cyber offers a specific training course to meet this need. This is often accomplished by on-site training sessions, webinars with live Q&A, virtual roundtables, and phishing simulations. We bring our national expertise and insight into these sessions to give you real-world examples, case studies, and lessons learned. 

Incident Response Post-Breach Assessment

BKD Cyber can provide support if your organization faces a cyberattack. This includes providing computer forensic services to assess the effect and following the entire chain of custody process to appropriately handle media throughout the investigation process.

How can we help you?

Whether you need help mitigating potential threats or tackling an active cyber breach, we have a dedicated team of professionals ready to assist.