Dan Tuuri, CISA, CISSP, GIAC-SSAP
Connect on LinkedIn
989-278-8450 | dan@tuuri.us
In 2009 I founded Computer Security Team, LLC, which is now SecAud. At the time a local manufacturer had reached out to me; their largest customer had started requiring the supplier to conduct an annual security assessment and review as a requirement of their own SOX compliance. I engaged with the group to perform a full security review and checklist, an assessment of policies and procedures, a physical penetration test, vulnerability scanning, and several scenario tabletop discussions.
I took pride in delivering a high quality product at an affordable price. Quotes from larger audit and security firms for this work quoted tens of thousands of dollars. I was able to execute the work for one quarter of what the big firms wanted to charge.
Today the story is the same as the engagement that started the organization. Organizations are doing business with publicly traded companies or government entities, or may be confronted with technology self-study questionnaires for their banking, credit card, or insurance renewals. There isn't a choice of whether or not to comply; it simply needs to be done.
The choice businesses do have though is the partner that they engage with to perform this work.
Security audits are a critical component of any robust cybersecurity strategy, providing a thorough examination of an organization's information systems, policies, and procedures. All IT security audits are conducted following guidelines from ISACA and other industry standards to identify vulnerabilities, ensure compliance, and assess the effectiveness of security controls. Through both internal and external assessments, we evaluate your organization's defenses against potential threats and recommend actionable steps to enhance security posture. This process not only helps in mitigating risks but also demonstrates a commitment to maintaining the highest level of data protection and compliance. In disclosure, not all artifacts or programs are available, and I am not a CPA. It is important to discuss the full scope of your need prior to engagement.
Assessments are foundational to understanding the current state of an organization's cybersecurity posture. Comprehensive security assessments that we deliver encompass vulnerability assessments, penetration testing, and risk assessments, aligned with frameworks like NIST, CMMC, PCI DSS, and ISO 27001. By systematically identifying weaknesses in your IT environment, our assessments help prioritize risks based on potential impact, providing clear, strategic recommendations for improvement. These assessments are crucial for organizations looking to enhance their security measures, achieve compliance, and protect their critical assets from evolving cyber threats. Deliverables include an actionable risk register and findings which prioritize the most critical areas for you to remediate.
Security awareness is essential to creating a resilient organizational culture that understands and responds to cybersecurity threats. The majority of cyber incidents can be traced back to user error or action, not a failure of technical controls or safeguards. A robust awareness program is designed to educate employees about the latest threats, safe online practices, and the importance of data protection. By fostering a culture of security mindfulness, the risk of human error is mitigated. Customized training sessions, workshops, phishing scenarios, and simulation packages are designed to address the unique and specific needs of your business. With an understanding of industry challenges and regulatory requirements, the program ensures that all staff members are prepared to recognize and respond to potential threats.
Developing and maintaining effective security policies is crucial for guiding an organization's approach to managing and protecting its information assets. Policy review engagements are not simply a cookie-cutter application of existing language; they rely on expertise and resources in the creation, review, and enhancement of IT security policies that align with regulatory requirements and industry standards such as ISO 27001 and COBIT. By establishing clear policies, organizations can define acceptable behaviors, enforce compliance, and create a structured framework for risk management. These policies serve as the foundation for a strong security posture and help safeguard against breaches, data loss, and other cyber threats. As a SHRM-CP certified Human Resources professional, I have the experience to ensure that IT security policies support, not hinder, your organization.
In the dynamic field of cybersecurity, change management is vital for maintaining secure and stable IT environments. Change management services ensure that all modifications to your IT infrastructure are planned, tested, and implemented securely, minimizing the risk of introducing vulnerabilities. As a Prosci Certified Change Practitioner I am able to apply the ADKAR methodology to ensure value is recognized by the organization and that change adoption is successful. I am a certified Project Management Professional (PMP) and have held the ITIL Foundations certification for nearly twenty years. Ensuring change management controls are in place to manage changes effectively is critical: I protect your organization by modeling processes for updates, patches, and system upgrades that do not compromise security or compliance. Through a controlled change control process, I help organizations adapt to new technologies and evolving threats while protecting critical assets.
The three sites below are trusted resources that can help your small business improve your security baseline:
Ensuring your organization is aligned with established best practices is critical. These are some of the frameworks I have utilized: