Cybersecurity Audit & Consulting Services

Protecting Your Organization in an Evolving Threat Landscape

At Nawrocki Smith, we deliver strategic cybersecurity audit and consulting services designed to help organizations identify vulnerabilities, strengthen internal controls, and enhance their resilience against cyber threats. Our team members are Certified Public Accountants and Certified Internal Auditors, hold a cybersecurity audit certificate from ISACA, and provide a unique blend of analysis and technical insight to help organizations meet regulatory requirements and protect sensitive data.

Our Services

  • Cybersecurity Risk Assessments. Comprehensive assessments aligned with NIST, CIS, and NYS DFS frameworks to identify control gaps.
  • Internal Control Audits. Evaluation of IT general controls (access, change management, data backup)
  • Vendor Risk Management. Third-party risk assessments, contract review, SOC report evaluations
  • Incident Response Readiness. Review of response plans, escalation protocols, communication strategies
  • Cyber Insurance Advisory. Gap analysis of policy coverage vs. actual controls and incident capabilities
  • Regulatory Compliance Reviews. Assessment of compliance with NIST SP 800-171, HIPAA, FERPA, GLBA, and state regulations
  • Phishing & Awareness Campaigns. Social engineering simulations and training to improve organizational readiness
  • Cloud Security & Data Governance. Evaluation of MFA implementation, network segmentation, endpoint security, data loss prevention, encryption controls, log management and continuous monitoring, data classification, and access controls.
  • Ongoing Monitoring & Remediation Support. Follow-up cybersecurity assessments and audits to identify gaps and document key findings.

Audit Framework Alignment

We base our audit methodology on recognized industry standards:

  • NIST Cybersecurity Framework (CSF). Baseline for cybersecurity risk management
  • NIST SP 800-171. Required for contractors handling Controlled Unclassified Information (CUI)
  • CIS Critical Security Controls. Practical implementation of prioritized security measures
  • NYS DFS Cybersecurity Regulation. For financial institutions and regulated entities
  • HIPAA, FERPA, GLBA. For healthcare, educational, and financial data

Let's Discuss Your Accounting and Advisory Needs.

We're Ready to Help You Make Better Decisions and Reduce Risk.
