Services

Rook provides comprehensive services at each stage of the IT Risk Management Life-cycle from Planning & Design to Control Implementation, Audits, Assessments, and Remediation. Whether your company is high growth and is preparing for regulations such as SOX, PCI, or HIPAA or are interested in obtaining more value from your annual IT Audits and Security Assessments, our team is here to help. We understand that businesses change. Risks evolve.  So do our services. We stand out from our peers because we focus on lowering your costs associated with commodity offerings (PCI, SOX, Vulnerability Assessments), etc., and re-investing the funds in initiatives that will impact the bottom line through cost avoidance or reduction.

IT Risk Management, Metrics & Governance

Customizing a framework & deciding on policy selection is challenging for most companies let alone making decisions about the audit cycle, how proscriptive policy statements should be, and agreeing upon ownership. Rook provides executive staff with decision support, and fast-tracks the most time intensive portions of IT Risk Management & Governance planning activities so you can get your program up and running or back on track with strategic precision. At Rook, we design programs that help you manage risk without becoming bloated and costly, enabling your company to grow uninhibited and for your Risk Management Program to grow with you.

Audit & Compliance

Companies are often faced with deciding to go with Big 4 quality or the depth of skill and cost effectiveness of a niche boutique. Why not have both? At Rook, our Audit teams are comprised of former Big 4 consultants and in-house audit staff as well as highly technical members of Fortune 500 technical teams. After cross-training these team members to combine technical aptitude with process, control, and audit skills, Rook team members are exceptionally prepared for identification of cost effective options to remediate identified issues. Rook provides assistance with SOX, PCI, HIPAA, GLBA, FISMA, NERC CIP, or any other acronym that may be thrown at you in your role.

IT Security Assessments

Often, traditional IT Security Assessments are too long, too complex, and don’t provide value to both IT and the business. At Rook, our technical team members are supplemented with highly skilled Sr. Managers who have a thorough understanding of how the technical issues identified during testing can be communicated and evaluated in a way that executive management will appreciate. The team has conducted many types of assessments including Vulnerability Assessments, Internal and External Network Penetration Tests, Web Application Security Assessments (Black and Grey Box), Firewall Ruleset and Network Security Architecture Reviews, Digital Forensics, Incident Response, GPO Baselines, System Hardening, NERC CIP Assessments, Social Engineering Assessments, and more.

Resource Augmentation

When budgets have been slashed to the bone and forecasting is becoming more re-active than pro-active, we understand how difficult it can be to not only obtain headcount, but synchronize the job req. with increased demand for IT Support Services. Rook has an extensive bench of on-call specialists available to assist with needs ranging from Internal Audit Support to Implementations, Security Ops Monitoring, Remediation Support, Security Administration and even specific technology support for configuration, tuning, or maintaining. With a same day or 24 hour turnaround, both in-house and remote offerings, Rook provides you with the flexibility you need to maintain resources in these challenging times.

Physical Security Assessments

Workplace and personnel security are of utmost importance to responsible corporations. At Rook, we have a physical security team who has conducted physical security assessments for small businesses to Fortune 100 companies. Our assessments start with a work session where we discuss workplace dynamics, politics, forecasted down-sizing, federal and state legislation, and help companies determine a strategy for balancing cost and risk.  Do you need executive protection, armed plain clothes guards to escort terminated employees, or intelligence about the safety of employees traveling aboard? Through our partnerships for special circumstances as well as our internal expertise, we are here to help.