TJT Certified Public Accountants

TJT Information Security Risk Assessment Team

With limited resources for IT and security, many small businesses are vulnerable to attack and unsure of where to begin protecting themselves.  McAfee, Inc. estimates that computer crime costs the global economy up to $500 billion annually.  Large criminal enterprises, individuals, small groups, and disgruntled employees are all responsible for the explosive rise in cyber-attacks.  Verizon Communications, Inc. reported that in 2012 close to half of the data breach incidents it recorded occurred at companies with fewer than 1,000 employees, and nearly one-third of these incidents involved entities with fewer than 100 workers.  Symantec, Inc. confirmed this trend, reporting that attacks against small businesses rose 18% in 2012.

Thomas, Judy & Tucker has developed an assessment to help clients better understand the threats facing the information security of their businesses and how to best mitigate these liabilities.  Areas of examination conducted by TJT’s certified Information Technology & Security professionals include:

  • Computer applications
  • System configurations
  • Cloud platforms
  • Mobile devices
  • Wired/Wireless networking
  • Physical access
  • Power/Communication infrastructure
  • Business Continuity/Disaster Recovery
  • Organizational policies

A penetration test involves a simulated breach of the organization. This includes attempts to gain physical access to secure areas and retrieve sensitive documents, “phishing” (scam) communications, and forced entry via the Internet and/or wireless networks.  By identifying areas of weakness and demonstrating real-world examples of exploitation, businesses can focus resources on protecting themselves from the most likely attack vectors.  Thomas, Judy & Tucker will guide clients in developing policies to better secure their organizations as a whole against internal, external and natural threats.

To conduct a thorough examination, Thomas, Judy & Tucker performs checks that include:

  • Internal/External vulnerability scans
  • Lock/Camera/Fence effectiveness
  • Physical/Digital penetration tests
  • Incident response evaluation

Information Security Risk Assessments are conducted according to internationally recognized ISO 27001 standards for securing organizations’ information assets.  Before testing begins, an interview is carried out with key figures to determine existing security concerns and identify potential asset and process targets.

On-site assessments, analysis and a comprehensive report can be delivered in three or four weeks.  Upon completion of the assessment, clients receive a clear written report describing tests conducted, risks and severity, and recommended mitigations.  Going forward, regular checkups can be performed to ensure security standards are maintained.