Risk Management & Compliance
Identifying potential risks to your operations
Driving value out of your security investments
GraVoc helps your organization maximize the value of its security investments and ensure compliance with federal, state, and industry regulations. Our goal is to help you identify both potential risks and mitigation strategies.
Risk Management & Compliance Services Include…
GraVoc provides a variety of risk assessments that help clients make decisions regarding their IT infrastructure, their controls over sensitive information, and risk/reward propositions regarding overall operational risk. GraVoc also assists clients in assessing risk surrounding specific processes, operational changes, or new service offerings. GraVoc’s risk assessment process identifies risk domains to quantify inherent risk, then evaluates the strength of the controls in place at the organization and the controls’ ability to mitigate risks to an acceptable level.
Many of the risk assessments GraVoc assists with are used as the planning phase for a new product or service offering. Like the products and services of our clients, the scope and methodology of our risk assessments are under constant revision to keep abreast of new challenges and opportunities. We work directly with our clients to streamline the data collection and reporting process so that we can focus our attention on analysis and drive maximum value from the risk assessment process.
The most common risk assessments GraVoc performs are the IT risk assessment and the customer information risk assessment, both required for financial institutions under the Gramm-Leach-Bliley Act (GLBA). However, GraVoc’s risk assessment services have also included the following:
- Operational/Enterprise Risk Assessment
- Multifactor Authentication
- VPN/Remote Access
- Merchant Card/Terminal Processing
- Virtualization or Virtual Environment
- System Conversion
- Remote or Mobile Deposit Capture
Security Awareness Training & Program Development
A large challenge facing businesses of all sizes is the ability to properly protect confidential information. Particularly after the enactment of the Massachusetts Privacy Law, it is necessary for all organizations to have an information security program in place. GraVoc can assist at all levels of program development, from constructing an information security policy and improving existing policies to training employees on adherence to information security best practices. GraVoc has performed and documented training exercises for employees and board members on a variety of information security topics.
Social Engineering Testing
In many instances, the most significant threat surrounding an organization’s confidential information stems from the people chosen to both use and protect it. GraVoc’s social engineering exercises are designed to simulate actual attacks by executing the same methodologies used by attackers. In effect, test participants gain exposure and a better understanding of social engineering tactics without the harmful repercussions and damaging results of real-life attacks.
Among the most common social engineering exercises demonstrated by GraVoc are:
- Phishing Services
- Physical Breach
- Pretext Calling
- Pretext Mailer
After attempting a social engineering attack, GraVoc documents the observed results and delivers a report to the client with recommendations and training plans.
Digital Forensics & Incident Report
Part of an effective information security program is an organization’s ability to respond quickly and thoroughly to potential data breaches. GraVoc assists businesses in assessing whether a data breach or inappropriate use of IT resources has taken place by analyzing reports and audit trails with a series of forensic tools. GraVoc provides a report with findings, recommendations for remediation, and ways by which a similar incident can be prevented.
Disaster Recovery/Business Continuity Planning
At GraVoc, we work with our clients at all stages of the disaster recovery and business continuity planning process. Whether they are starting from nothing or looking to revive an outdated or insufficient plan, our clients can rely on our experience and proven methodology to guide their effort. GraVoc representatives work directly with management, department heads, process owners, and other key stakeholders to build a comprehensive disaster recovery and business continuity plan.
Once complete, GraVoc will assist in conducting enterprise-wide training and testing of the DR/BCP strategy, providing all the necessary documentation for auditors and examiners at the conclusion of each session. In effect, our clients can be certain that operational, regulatory, reputational, and other risks stemming from this area have been properly addressed. Among the services provided in this area are:
- DR/BCP Gap Analysis
- DR/BCP Development
- DR/BCP Training
- DR/BCP Testing
- Pandemic Event Training & Testing
GraVoc’s IT services practice also provides clients with consulting for establishing and designing an effective and efficient data backup strategy that will protect information during a disaster and limit service delays.
Risk Management & Compliance Service Area
GraVoc is located in Peabody, Massachusetts, just north of Boston, and provides Information Security services including Risk Management and Compliance, Disaster Recovery, Business Continuity Planning, Social Engineering Testing, Risk Assessment, Security Awareness Training and Digital Forensics to businesses and organizations in the New England area. GraVoc’s Information Security employees hold certifications in CCNA Security, CISM, CISA, CRISC, C|EH, CISSP, and E|CIH. Below is a list of our Massachusetts and New Hampshire service areas. GraVoc also provides Information Security services in Connecticut, Maine, Rhode Island and Vermont but is not limited to these states.
Massachusetts Risk Management and Compliance Service Area:
Acton, Amesbury, Andover, Arlington, Ashby, Ashland, Ayer, Bedford, Belmont, Beverly, Billerica, Boston, Boxborough, Boxford, Burlington, Cambridge, Carlisle, Chelmsford, Chelsea, Concord, Danvers, Dracut, Dunstable, East Boston, Essex, Everett, Framingham, Georgetown, Gloucester, Groton, Groveland, Hamilton, Haverhill, Holliston, Hopkinton, Hudson, Ipswich, Lawrence, Lexington, Lincoln, Littleton, Lowell, Lynn, Lynnfield, Malden, Manchester-by-the-Sea, Marblehead, Marlborough, Maynard, Medford, Melrose, Merrimac, Methuen, Middleton, Nahant, Natick, Newbury, Newburyport, Newton, North Andover, North Reading, Peabody, Pepperell, Reading, Revere, Rockport, Rowley, Salem, Salisbury, Saugus, Sherborn, Shirley, Somerville, Stoneham, Stow, South Boston, Sudbury, Swampscott, Tewksbury, Topsfield, Townsend, Tyngsborough, Wakefield, Waltham, Watertown, Wayland, Wenham, West Newbury, Westford, Weston, Wilmington, Winchester, Winthrop and Woburn.
Our Massachusetts Risk Management and Compliance Service Area Also Includes: Barnstable County, Berkshire County, Bristol County, Dukes County, Franklin County, Hampden County, Hampshire County, Nantucket County, Norfolk County, Plymouth County and Worcester County.
New Hampshire Risk Management and Compliance Service Area:
Amherst, Andover, Atkinson, Auburn, Boscawen, Bow, Bradford, Brentwood, Candia, Canterbury, Chester, Concord, Danbury, Danville, Deerfield, Derry, Dunbarton, East Kingston, Epping, Epsom, Exeter, Franklin, Fremont, Greenland, Hampstead, Hampton Falls, Hampton, Henniker, Hill, Hooksett, Hopkinton, Kensington, Kingston, Loudon, Lyndeborough, New Castle, New London, Newbury, Newfields, Newington, Newmarket, Newton, Northfield, North Hampton, Northwood, Nottingham, Pembroke, Pittsfield, Plaistow, Portsmouth, Raymond, Rye, Salem, Salisbury, Sandown, Seabrook, South Hampton, Stratham, Sutton, Warner, Webster, Wilmot and Windham.
Our New Hampshire Risk Management and Compliance Service Area Also Includes: Hillsborough County, Rockingham County and Cheshire County.
Information Security News
Equifax, one of the three major credit bureaus in the United States, recently reported a security breach that compromised 143 million Americans
Yesterday, September 6th, 2017, the FFIEC (Federal Financial Institutions Examination Council) announced the launch of a new Industry Outreach website.
The Federal Trade Commission (FTC) issued an advisory urging the public to be conscious of donation scams in the wake of Hurricane Harvey.
GraVoc is a technology-consulting firm located in Peabody, Massachusetts just north of Boston. GraVoc is committed to solving business problems for customers through the development, implementation, and support of technology-based solutions.
"One Company, Many Solutions"