At Beckage, we appreciate that every organization has a unique story to tell, and we listen. This is the cornerstone to all we do. Our crawl-walk-run approach in the delivery of services emphasizes the uniqueness of your organization and operationalizes a risk-based methodology. Our team of attorneys are seasoned technology professionals with backgrounds that include risk management, in-house counsel, governmental agencies, and information security and technology leadership. Our risk management team also includes the former Information Security Officer (ISO) of the fourth largest publicly owned health care institution in the US, a current Certified Information Systems Auditor (CISA), technologists, and former regulators.
When we work with clients, we draw upon decades of professional and legal experience to assess administrative, technical, and physical safeguards, and employ a risk management strategy that aligns with your organization’s business objectives. In short, we appreciate the challenges many organizations face by engaging multiple technology vendors and third-party advisors — who simply don’t appreciate where they stand, what they are missing, and most important, whether they are in the best legally defensible position.
The Beckage Risk Management Practice offers its Risk Assessment as a privileged precursor or simply a part of a broader audit strategy, to make sure our clients are on track with their technology and legal postures as it relates to information technology and data security.
We facilitate the design and implementation of enterprise-wide security programs and perform ongoing “health checks” to evaluate the appropriateness of controls and alignment with business requirements and objectives.
We assist organizations on their journey towards compliance with industry specific compliance programs aligning with regulatory requirements such as GDPR, PCI, HIPAA, and HITRUST and specific state requirements such as the NY SHIELD ACT, CCPA, and 23 NYCRR 500.
We assist organizations with the development of custom Information Technology policies and a broader taxonomy to meet industry specific regulations, supported by a governance structure across all facets of security, aligning with your business strategy, and creating a holistic sustainable program.
Our Risk Assessment helps organizations identify highest risks, control gaps, “most bang for your buck” control domains to address and provides you with a pragmatic recommended road-map that takes into account your organizational cyber-maturity level.
Our proprietary tools and methods assist organizations in their mergers and acquisition strategy. We assist organizations by building efficient, repeatable, and scalable IT due diligence review programs.
We apply industry best practices and standards to assist organizations engineer and maintain effective disaster recovery and business continuity programs and strategies.
We educate Boards and executive management on the current threat landscape and effective strategies to protect corporate assets.
We build Vendor or Business Associate Management strategies for our clients. We take a holistic approach that captures the inherent and residual risks of those handling your data.
We have attorneys available for 24/7 incident response support and provide table-top exercises to prepare your tactical leaders and broader response teams.
For questions, please contact Michael Chirico Esq., Certified Information Systems Auditor (CISA).