Fall 2015 Issue of Horizons

Monitor activities to determine what needs to be updated or replaced. A comprehensive review of your systems should include a review of available logs, alerts, reports and key systems. Data flow should be traced (both inbound and outbound) and both controls and weaknesses should be identified. An effective review will also include an external vulnerability assessment, examining perimeter controls and identifying potential issues or vulnerabilities from external connections. Continuously identify and deploy new solutions to secure your data as your environment and the threats change. Consider developing a “red team” composed of IT specialists who try to hack into your systems. This is a good way to identify vulnerabilities and determine where an “open door” may exist.

Overall, in the current “when, not if” environment, a sustained focus on cyber security is imperative. It’s more important than ever to communicate with your leadership and board, adapt to the ever-changing threat environment and monitor and test your systems. These are all pieces of the cyber security puzzle designed to minimize your risk and impact.

Prevention Is a Continuous Process

Ongoing vigilance can be one of your most effective tools against cyber threats. Continuously educating and training employees is critical to combat the daily threats delivered via email and malicious websites. Are your employees aware of the threats and are they informed and trained on proper procedures? Are they encouraged to report possible breaches because those reports are vital to the company? Performing periodic assessments of the environment based on risks and threats can be extremely useful to understand where weaknesses may exist and how the security infrastructure detects and prevents attacks. This approach should also be applied to networks, systems and applications.

RubinBrown’s Cyber Security Advisory Services Group

RubinBrown has a dedicated team specializing in cyber security services designed to meet each client’s requirements. We provide experienced security professionals for executive consulting, security risk assessments, vulnerability and penetration testing, vendor risk management and specialized security consulting.

Rob Rudloff, CISSP-ISSMP, MBA
Partner, Cyber Security Advisory Services Group
303.952.1220
rob.rudloff@rubinbrown.com

Audrey Katcher, CPA, CISA, CITP, CGMA
Partner, Business Advisory Services Group
314.290.3420
audrey.katcher@rubinbrown.com
