Inform your decisions with guidance aligned with the NIST Cybersecurity Framework risk continuum. Our dedicated government cybersecurity and privacy professionals help you identify critical risks and vulnerabilities, assess potential impacts, improve security controls, conduct response exercises, and plan for remediation and disaster recovery through specialized services:
- Cybersecurity consulting with an auditor lens
- A risk-centric approach
- Cyber analytics focused on remediation investment
- Strategic alliances with leading cybertech firms
Learn more about Grant Thornton’s national cyber
Cyber defense solutions
Uncovering security risks, eliminating critical vulnerabilities and simulating actions of hackers, adversaries or internal threats. Our technical cyber operations professionals use exploitation tools to determine impact of security flaws. We can assist you in vulnerability scanning, penetration testing, social engineering campaigns, war gaming, cyber-incident response exercises, and resilience and disaster recovery planning.
Cyber compliance and assessments
Identifying gaps and developing roadmaps. Our internal and external cybersecurity assessment services help you quickly remediate weaknesses for both security controls implementation and documentation across numerous frameworks including NIST, FISMA, HIPAA, FERPA, CJIS and GDPR. With our audit background, we assist you in improving security controls implementation, control implementation descriptions and evidence/artifact creation to comply with audit, testing and inspection requirements.
Realizing a full range of privacy program support. Our cybersecurity specialists work with you to identify critical needs, leveraging our Total Privacy Management framework. The framework comprises strategy and organization; policies and procedures; communication, training and outreach; and operations and measures. With our strategic technology alliances, we help you to accelerate the maturity of your privacy programs.
Converting assessments into actionable and operationally relevant intelligence. Dynamic dashboards — enables us to help you use data to identify cyber risks to strategic goals, and determine time and cost to remediate them.
Cyber risk management
Reducing risk with minimal investment. We leverage the multiattribute risk model, TVAC (Threat, Vulnerability, Asset and Consequence). Through TVAC, we help you align technical cybersecurity threat information, assets threatened and operational consequences. Improving in areas such as identity management, encryption and two-factor authentication can greatly reduce your agency’s risks.
Elections infrastructure security
Assessing elections infrastructure assets. We deploy a dual-pronged approach to assess assets including voting machines, voter registration databases, poll books and elections management systems. Our perspectives are both governance and technical security. Risk assessments and technical cyber testing are based on the 88 elements of the Center for Internet Security’s Handbook for Elections Infrastructure Security.