IT Audit Labs: Tailoring Enterprise Risk Management and Mitigation


Eric Brown, Managing Partner, IT Audit Labs

The interconnected nature of modern businesses necessitates a holistic approach that can enhance an organization’s overall security posture. That being said, integrating governance, risk, and compliance into business processes requires expertise in managing risk situations and their cascading effects on the company, its clients, and partners.

An information security leader across multiple disciplines, IT Audit Labs (ITAL) helps organizations assess security risk and compliance while providing administrative and technical controls that improve data security. Whether delivering a point solution or a broader security program, the company applies deep industry expertise to secure information for government entities, professional services, and corporate enterprises.

“Our mission is to empower our clients with the expertise, experience, and education they need to secure their most valuable assets. We help organizations understand their audit reports better, and gain clarity on their risk appetite and compliance obligations to successfully implement mitigation practices,” explains Eric Brown, Managing Partner, ITAL.

ITAL’s full-service audit includes penetration testing, vulnerability assessments, social engineering, and physical security assessments to help an organization understand the gaps in security through a quantitative and qualitative approach.

The company also keeps a dynamic document called the risk register to track an organization’s new policies, compensating controls, technological improvements, or compliance areas that can impact its risk score. For instance, if an organization has health data, the company looks into the risks associated with HIPAA compliance. Similarly, if an organization has multiple sets of protected information, they are recorded in its risk register for a crosswalk analysis of the different risk areas.

Organizations can also measure their existing security posture and future-proof their technical controls and administrative policies by following the risk register. This proactive approach spots deficiencies in policies and obsolete technologies to ensure they are updated and implemented promptly.

In many cases, ITAL manages the risk register and engages with clients as an MSP, tracking the ongoing risks in their environment and providing due care for the protected information.

“We identify the inflection points and follow a pragmatic approach that introduces different mitigation plans with their associated costs and benefits,” says Brown.

In most cases, an organization’s security team struggles to dedicate focused time to a detailed review of logs for anomalies due to project constraints or shift breaks. Addressing the need for eyes-on-glass monitoring, ITAL’s offerings include after-hours staff who work with the organization’s security team on threat hunting, vulnerability management, mitigation, or log reviews. The company’s expert team can also spot anomalies and connections overlooked by the security automation tools and provide superior threat detection and mitigation schemes.

ITAL’s round-the-clock monitoring, along with its risk register, is significant in the light of stringent audits and inspections by insurance brokers or providers for estimating cyber insurance premiums. In one instance, ITAL helped a large government organization build and manage a risk register as part of their strategic roadmap. Though the client already had a security program in place, they did not have a dedicated security team. Over the course of three years, ITAL helped them elevate their security measures around managed identity, phishing, and ransomware. This gave the client an edge while comparing their security posture and metrics for insurance. It was also favorable for them when their peers were paying premiums 148 percent higher.

Beyond managed services, companies can also seek the assistance of ITAL’s cybersecurity experts through a virtual leadership program. The company provides experts for guidance (virtual chief information officer/vCIO) and counseling through its ITAL virtual chief information security officer (vCISO) Program.

ITAL houses diverse talent that brings in different lines of thought while approaching problems. The project management team understands both business and security. “Our company invests in our staff and provides them with excellent benefits and flexibility. We give room for our employees to pursue their research projects, write white papers and articles, and participate in podcasts to nurture their passion as it consequently helps our customers better,” adds Brown.

Company
IT Audit Labs

Headquarters
St. Paul, Minnesota

Management
Eric Brown, Managing Partner

Description
Experts at assessing security risk and compliance while providing administrative and technical controls to improve data security. The company helps organizations understand their audit reports better, and gain clarity on their risk appetite and compliance obligations to successfully implement mitigation practices.