Our auditors assess your policies, procedures, and processes using the GLBA/FFIEC audit framework, testing for effectiveness where possible. We also perform a Controls Review, ensuring compliance with stated controls based on your GLBA risk assessment.
We conduct a thorough IT security review of your Internet Banking controls, addressing the latest regulatory guidance. Our team also tests Internet Banking procedures for enforcement and evaluates controls identified in your risk assessment.
Our auditors will review ACH and Wire Transfer processes and controls based on risk and compliance with operating procedures in accordance with regulatory requirements and other IT security controls.
We evaluate your physical security and environmental controls of key security zones. infotex will also randomly test for physical security controls for enforcement.
We collaborate with your Business Continuity Team, implementing walk-throughs, table-top tests, or full functional tests, designing test objectives and plans, and documenting results within FFIEC guidelines.
We review your Vendor Management Procedures and Due Diligence efforts, ensuring proper controls are in place. If requested, auditors can also review critical and high-risk vendor files for regulatory compliance.
If you have interactivity on your marketing site, you may have vulnerabilities that should be mitigated. Our Web Application Security Review includes an extensive source code review, but also includes a review of the following technical controls: processes, user interfaces, encryption, authentication, and infrastructure. We also review non-technical controls: Systems Development Lifecycle (SDLC), change management, and documentation.
We assist financial institutions and healthcare organizations in developing efficient GLBA, BSA, and HIPAA risk management programs. These programs effectively identify, measure, and manage risks while aligning information security practices with IT governance and overall business strategy.
We scan your network perimeter against all known vulnerabilities. The goal is to find, analyze, and confirm all vulnerabilities, resulting in a risk-based project plan for mitigation.
We scan your internal network remotely. The goal is to find, analyze, and confirm ALL vulnerabilities, resulting in a risk-based project plan for mitigation. This, combined with Perimeter Network Scans, yields our Technical Vulnerability Assessment.
We will compare the way your security applications, servers, and critical workstations are configured against published best practices. We use Microsoft Baseline Security Analyzer for Microsoft devices and go to vendor documentation for AVS, Spyware Defense, Firewalls, etc. The end result will be a response process where your network administrators either mitigate found deficiencies or accept our declared risk because of mitigating controls.
Provider will review the configuration of Client’s virtual environment using SANS Institute publications as a framework. The review will consider visibility, configuration management, network management, and disaster recovery as well as security.
The password file (SAM) will be audited for crackable passwords. We report the passwords that have been compromised, the time it takes to crack the password. The report provides a picture of the strength of passwords in place, and is very useful in your information security awareness program.
A fraudulent email directs users to a fake website, with deceptions ranging from "New Employee Portal" to "Forwarded Joke" to "E-card." Users who fail the test may expose sensitive information like network usernames and passwords or inadvertently download files to their workstations. Our report highlights users who didn't pass the test, provides a summary of penetration percentage, displays screenshots of the email and phishing site with notes, and serves as an effective awareness training tool.
We place calls to your organization to leverage information from employees who do not know how to authenticate prior to revealing sensitive information to telephone callers. The report describes the attempt at each location and the response, a summary report showing the percent of penetration, and recommendations.
We test physical access controls by posing as members of your network support team, a telephone repair person, etc. The report describes the attempt at each location and the response, a summary report showing the percent of penetration, and recommendations.
Provider will randomly test for compliance to your clean desk policy, looking for various violations such as not employees not locking their workstations or for passwords that are written down and “tucked” in obvious locations.
During a walk-through, we will randomly test for compliance to proper destruction of documents containing nonpublic information.
A fraudulent email directs users to a fake website, with deceptions ranging from “New Employee Portal” to “Forwarded Joke” to “E-card.” Users who fail the test may expose sensitive information like network usernames and passwords or inadvertently download files to their workstations. Our report highlights users who didn’t pass the test, provides a summary of penetration percentage, displays screenshots of the email and phishing site with notes, and serves as an effective awareness training tool.