IT Advisory


Our IT Services practice provides cross-functional and diverse industry experience, leveraging DLA’s accounting advisory, business advisory, optimization, risk management, forensic and financial advisory services. Our team helps companies improve operational performance, reduce business complexities, increase controls and optimize processes, resulting in more cost-effective, controlled and streamlined operations.

DLA draws on leading practices from multiple industries to find optimal and sustainable solutions to your challenges. Our capabilities include IT controls and governance, IT change and project management, and system/business requirements and selection services.


Cybersecurity

At DLA, we offer a robust suite of cybersecurity services to help you stay ahead of potential vulnerabilities, boost your security posture, and protect your company’s most valuable assets.

Cybersecurity Services and IT Assessments

Our IT experts and cyber specialists will guide you through a comprehensive cybersecurity assessment tailored to your industry regulations to ensure you satisfy the applicable ethical practices, regulations, standards, and laws. Our areas of specialty include:

  • SEC cybersecurity risk management and disclosure rule review and remediation
  • NIST 800-53 Rev. 5, 800-171, and cybersecurity framework (CSF)
  • ISO 27001
  • NY DFS cybersecurity regulation
  • HIPAA readiness
  • 3rd party risk assessments
  • SOC readiness assessments
  • Technology due diligence
  • IT optimization assessments
  • Human capital assessments

Privacy and Data Protection 

Keeping personal information safe and private isn’t just good practice, it’s essential. We provide a comprehensive range of assessments and tailor-made solutions to help you comply with global standards and evolving regulations, protect your stakeholders’ trust, and uphold your reputation and ethical commitments.

  • General Data Protection Regulation (GDPR) Guidance: Our team guides you through the complexities of the GDPR to ensure that your data processing activities have a lawful basis and implement comprehensive strategies that prioritize data protection and privacy at every stage of your business operations.
  • California Consumer Privacy Act (CCPA) Evaluations: We evaluate your organization’s security controls and processes using the Center for Internet Security (CIS) Top 18 Controls to ensure you meet CCPA requirements and stand protected against potential threats.
  • Data Leakage Protection (DLP) and Data Retention Assessments: We help you fortify your data security posture and reduce the risks of data leakage. To do this, we analyze your organization’s data lifecycle, develop a robust data retention strategy, and recommend cutting-edge DLP technologies that keep your sensitive data inside your designated network boundaries.
  • Data Classification Reviews: Our cyber specialists work with you to categorize your data based on its sensitivity and importance. We then develop a comprehensive data classification framework that supports more effective data handling, better access control, and stronger security protocols.

Cybersecurity Health Check and Defense 

In an era of relentless cyber threats, assessing the health of your digital infrastructure and proactively fortifying it is more than a requirement—it’s a strategic imperative. Our cybersecurity health check and defense services help you identify vulnerabilities and equip your organization with proactive measures to mitigate risks before they escalate.

  • Vulnerability Assessment: We systematically scan and analyze your organization’s systems, networks, and applications to identify known vulnerabilities. We prioritize these weak spots by severity, then identify critical areas that demand immediate attention and remediation.
  • Penetration Testing: Often referred to as “pen testing,” this cybersecurity practice uses ethical hackers to simulate real-world cyberattacks to identify and exploit vulnerabilities in your system. By attempting to gain unauthorized access, escalate privileges, and access sensitive data using advanced techniques, our security experts will proactively uncover potential pathways that malicious actors may use.
  • Threat-Informed Attack Simulation (TIAS): TIAS is an automated process that pairs real-world threat intelligence with advanced technology to simulate a variety of cyberattacks against your organization’s systems and networks. The goal of TIAS is to better understand how your organization would fare against a real-world attack and identify any gaps in your security posture. Because it’s run on a continuous basis, this automated simulation helps to ensure your organization’s security is always up to date.
  • Social Engineering/Email Phishing/Email Filter Testing: We evaluate your human vulnerabilities and technological defenses to identify and help you mitigate vulnerabilities in your security posture.

Strategy and Management

We offer comprehensive strategic guidance and management solutions that supplement your team with IT and cyber expertise to optimize technology-driven business operations.

  • IT Security Policies and Procedure Development: We help you create IT security policies and procedures that define clear protocols for employees to safeguard your organization’s information assets.
  • Governance, Risk, and Compliance (GRC) Solution Assessments and Implementation: We work with you to ensure your organization is poised to adequately manage your governance, risk, and compliance (GRC) activities so you can navigate regulatory landscapes with confidence and agility.
  • Cybersecurity Training and Awareness: We work with your employees to ensure they are not only astutely aware of the risks of cyberattacks, but also know how to protect themselves and the organization’s information assets. By arming employees with knowledge and best practices, you will be better positioned to prevent data breaches, protect against unauthorized access, and comply with regulations.
  • Board of Directors Cyber Risk Management Advisory Services: We help your board of directors understand and mitigate your organization’s cyber risks. Strengthening this leadership foundation is an essential element in safeguarding your organization’s information assets and ensuring its long-term success.
  • Virtual CISO (vCISO)-as-a-Service: With our vCISO-as-a-Service, you get on-demand access to a cybersecurity expert who tailors security strategies to fit your timeline and budget, ensuring your organization’s security program matures efficiently.
  • Virtual CIO (vCIO)-as-a-Service: Our vCIO provides tailored IT leadership and insights on-demand to help your organization manage and mature your technology landscape within your timeline and budget.

Resiliency Management Services

In the unpredictable digital landscape of today, building a resilient business infrastructure is paramount. With our Resiliency Management Services, we help you ensure your business operations are equipped to seamlessly navigate disruptions—from small hiccups to catastrophic events. Through this process, we complete a business impact analysis (BIA), then work with you to develop a business continuity plan (BCP), an incident response plan (IRP), and a disaster recovery plan (DRP). We also offer comprehensive incident response services, including real-time management, digital forensics, ransomware guidance, and simulations to enhance the effectiveness and resilience of your business protocols. 

DLA's Cybersecurity Self-Assessment

Gain insight into your company’s cybersecurity posture and exposure. Take the DLA Cybersecurity self-assessment. It takes 5 minutes to complete and provides your maturity tier.


DLA's NYDFS Part 500 Cybersecurity Self-Assessment

In November 2023, the New York Department of Financial Services (NYDFS or the “Department”) released the finalized revisions (the “Second Amendment”) to 23 NYCRR Part 500 (Part 500). The revisions contain many new controls, and compliance with them is expected. Take the DLA NYDFS Part 500 self-assessment, which takes 10-12 minutes to complete and provides your maturity tier.


IT Change and Project Management

Our IT Change and Project Management services ensure effective, timely and cost-effective IT implementation. We utilize our change management experience and our proprietary system development lifecycle methodology to bring about successful IT change.

Services include:
  • Evaluate IT Projects and Guide System Requirements, Solution Design and Vendor Selection
  • Utilize a highly adaptable set of guidelines that provide a management framework to:
    • Clarify the process of IT change
    • Facilitate communication
    • Reduce risk
    • Strengthen control
    • Increase value
    • Provide IT Project Implementation Management/Monitoring
    • Guarantee the compliance of the implementation with SOX provisions

IT Controls & Governance

Our team utilizes DLA’s IT and controls experience to provide IT risk assessments, establish IT policies and procedures, and design an IT controls framework. These services can be performed as an assessment depending on the maturity and depth of the existing IT infrastructure.

Services include:
  • Assist in the design and implementation of IT organization, governance, and strategy
  • Analyze existing IT organizational structures, assessing roles, responsibilities, capabilities, and work allocation
  • Assess IT policies and procedures to ensure all critical areas of the IT organization are addressed and that they ensure adequate General Computer Controls and Computer Application Controls
  • Develop IT policies and procedures
  • Test controls to ensure proper design and execution
  • Review and assess SSAE 18 SOC reports, control exceptions, and client control considerations
  • Identify internal control requirements, monitor control performance, and report on control compliance of IT change projects

System Requirements & Selection Services

Using our proprietary system development life cycle methodology, DLA aids clients in choosing the right application and technology vendors. By gaining an understanding of the business requirements and existing processes, we will provide experienced advice in each of the critical phases of the system selection and implementation process.

Services include:
  • Project Planning and Management
  • System Requirements
  • Solution Strategy
  • Software Selection
  • Solution Design and Configuration
  • Data Conversion
  • Operational Procedures
  • System Testing
  • User Training
  • Initiation of Go-Live

Meet the Experts

DENNIS CHRISTOFORATOS

MANAGING DIRECTOR & CIO

Advisory Services 

P: 973-575-1565

E: dennis.christ[email protected]

ROBIN CYRUS

MANAGING DIRECTOR

Head of National Cybersecurity Practice

P: 973-575-1565

E: robin.cyrus@dlallc.com
