What we do
The common thread that runs throughout Rook is our belief that IT Security, Compliance and Risk Management should not be as complicated for businesses as it is today. We believe that when the IT Risk Management Program is built with cross-functional expertise from technologists, financial strategists, process ninjas, and marketing gurus, great things happen and sustainable improvement can be realized.
Our direct and practical approach to what tends to be considered complex business challenges has been a major advantage. This approach has enabled Rook to emerge with leading organizations who want to challenge the status quo, and who have been leaders interested in business driven improvement in IT, Security, and Compliance.
Our services are focused on solution sets around IT Governance, Technical Advisory, and Other services that are critical to our clients' success.
GOVERNANCE- Customizing a framework & deciding on policy selection is challenging for most companies, let alone making decisions about the audit cycle, how proscriptive policy statements should be, and agreeing upon ownership. Rook provides executive staff with decision support, and fast-tracks the most time-intensive portions of IT Risk Management & Governance planning activities so you can get your program up and running or back on track with strategic precision. At Rook, we design programs that help you manage risk without becoming bloated and costly, enabling your company to grow uninhibited and your Risk Management Program to grow with you.
TECHNICAL- Often, traditional IT Security Assessments are too long, too complex, and don’t provide enough value to both IT and the business. At Rook, our technical team members are supplemented with highly skilled Sr. Managers who have a thorough understanding of how the technical issues identified during testing can be communicated and evaluated in a way that executive management will appreciate. The team has conducted many types of assessments including Vulnerability Assessments, Internal and External Network Penetration Tests, Web Application Security Assessments (Black and Grey Box), Firewall Ruleset and Network Security Architecture Reviews, Digital Forensics, Incident Response, GPO Baselines, System Hardening, NERC CIP Assessments, Social Engineering Assessments, and more.
OTHER SERVICES- High-demand teams responsible for securing enterprises require on-demand support. Research requests are common from large clients who need to respond to other executives' requests for information on real-time threats and market-making news. Incidents happen. Incidents will always happen. When they happen, our incident response team is accessible 24x7x365 and a phone call away. Cost reduction is always hot, regardless of the quarter. One way is through analyzing licenses and associated costs. Another popular improvement is through increasing the ability of internal team members to execute well in rapidly changing scenarios or to conduct training and awareness for end users. What's your challenge?
COMMITMENT TO CLIENT SUCCESS
Rook provides comprehensive services at each stage of the IT Risk Management Life-cycle from Planning & Design to Control Implementation, Audits, Assessments, and Remediation. When selecting a security and data protection partner, the focus should be on the results. Focusing on the numbers, the Rook team has:
- Reduced the cost of audit & compliance by 40% for a company that doubled in size in the two years leading up to an acquisition by an F100 company.
- Completed vulnerability scanning faster than an average of 5 minutes per IP to include 1300 IPs in a scanning window prepared for 400 IPs.
- Conducted a network penetration test and device configuration review, and integrated with an F1000 client team to guide remediation efforts for all findings, within 24 hours from start to finish, to support the commissioning of a new office location.
- Helped a high growth company become compliant with their major client’s privacy requirements in less than 8 months without disruption to IT or the business. Provided advisory services and training to IT Operations, sales, and business owners to assist in establishing a competitive advantage with their new privacy compliant micro-site offering that can be utilized to increase market penetration.
What could we help your business unit accomplish?
Why Choose Rook?
Whether your company is high growth and is preparing for regulations such as GAPP, PCI-DSS, HIPAA or the myriad of other standards and regulations, or is simply interested in obtaining advanced reporting from your annual IT Audits and Security Assessments, our team is here to help. We understand that businesses change. Risks evolve. So do our services. We stand out from our peers because we focus on delivering what matters. We do this by bringing a talented team to each engagement to provide unique perspective and new ideas founded on business value and technical domain expertise. We focus on lowering your costs associated with commodity offerings (PCI, SOX, Vulnerability Assessments, etc.) and re-investing the funds in initiatives that will impact the bottom line through cost avoidance or reduction by delivering what matters.

