Myers and Stauffer has provided audit and/or consulting services to a wide range of federal, state, and local government agencies, including clients in Texas, California, Arizona, New York, Colorado, Indiana, Mississippi, Washington, and Virginia. Our auditors and consultants are dedicated and experienced security and IT audit professionals with experience in mainframe systems, SQL, networking, and data center operations.
Major certifications held by our IT Assurance and Security Team include those available to IT audit professionals, such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified in Risk and Information Systems Control (CRISC), and Certified Internal Auditor (CIA). We have also been trained and certified by vendor personnel in the use of Nessus Internet Scanner™, and have real-world experience using other automated testing tools for wireless testing, Web application and database vulnerability assessment, and penetration testing.
Audits and consulting services are conducted using best practice frameworks and standards such as GAGAS (Generally Accepted Government Auditing Standards) – The Yellow Book, HIPAA (Health Insurance Portability and Accountability Act) / HITECH (Health Information Technology for Economic and Clinical Health Act), NIST (National Institute of Standards and Technology), SSAE 16 (Standard for Attestation Engagements No. 16) and GAO FISCAM (Government Accounting Office - Federal Information System Controls Audit Manual). In addition, we have audited against specific and detailed vendor guidance, such as that provided by Microsoft or Cisco, and state or county department level standards and guidance.
Myers and Stauffer staff has experience performing automated assessments and penetration testing of network vulnerabilities, Web applications, databases, and wireless network security at government agencies and for very large, complex network environments. We have performed assessments as stand-alone engagements and as a component of other engagements (such as IT audits or security reviews) for State and County Departments, Medical Facilities, Information Resource Agencies, and State Retirement Systems, to name a few. In addition, Myers and Stauffer has performed social engineering assessments to determine how vulnerable organizations are to attempts by unauthorized individuals trying to access sensitive information from system end users. We have completed assessments of wireless and physical security for state agency facilities and data centers.
Areas in which we have completed IT engagements include Service Organization Control (SOC 1, 2, or 3) Audits, Network Security, System Security, IT Administration and/or Management, Mainframe Systems and Database Administration, Application Development/Change Management, Physical Security, Data Backup & Recovery, Processing Integrity / Claims Processing, and Segregation of Duties. We can structure our information technology services as consulting services, agreed-upon procedures, or attestation/audit services. We have conducted the following types of information technology assessments, reviews, and audits: