Services

NETBankAudit can work in coordination with your existing audit department or as a complete outsourced solution to your audit or assessment needs. In addition, NETBankAudit can bundle any or all of the following services into an integrated solution for our clients. Each service is described below:
  1. Information Technology (IT) Audit

    Information Technology (IT) Audit

    NETBankAudit provides risk-based IT audits based on COBIT methodology. COBIT audit methodology was developed specifically for IT audits and is the industry standard. NETBankAudit utilizes GLBA, FFIEC and SOX (where applicable) guidelines and our extensive community financial institution experience in developing our GLBA/FFIEC-compliant, risk-based audit objectives and scope. NETBankAudit can also help your institution develop an IT Audit Risk Assessment process to assist in the development of your financial institution's risk-based audit plan. In addition, our IT Audit includes our industry-leading internal and external vulnerability and penetration technical testing unless otherwise specified.
  3. Sarbanes-Oxley (SOX) IT Audit

    Sarbanes-Oxley (SOX) IT Audit

    http://www.sarbanes-oxley.com
    NETBankAudit offers COBIT/FFIEC-compliant SOX Section 404 IT Audit services to complement our General Controls Review (GCR) IT Audit service or as a standalone service. SOX Section 404 is focused on the controls, including the security and change management controls, around the financial accounting systems and processes. A SOX IT Audit review can be used as a driver for broader risk management objectives to improve security and maintain consistent security processes, controls and infrastructure. The change management component of the review encompasses relevant SOX application/system, employee, vendor, and process changes. Utilizing a client-provided Internal Control Matrix for IT, developed in collaboration with you, NETBankAudit can provide a customized approach to addressing your institution's SOX IT Audit requirements.
  4. GLBA IT Controls Assessment

    GLBA Information Technology (IT) Controls Assessment

    NETBankAudit provides a risk-based IT controls assessment service based on COBIT methodology. It covers the same scope as an IT Audit, but because it is an assessment we do not provide work papers; instead we provide a written assessment review of each control area. NETBankAudit utilizes GLBA, FFIEC and SOX (where applicable) guidelines and our extensive community financial institution experience in developing our GLBA/FFIEC-compliant, risk-based controls objectives and scope. In addition, our IT controls assessment includes our industry-leading internal and external vulnerability and penetration technical testing unless otherwise specified.
  5. GLBA Information Security Risk Assessment

    GLBA Information Security Risk Assessment

    NETBankAudit provides a GLBA/FFIEC-compliant, enterprise-wide Information Security Risk Assessment service designed to provide your institution with all the tools necessary to develop and maintain a robust program. This service is tailored to meet the yearly GLBA regulatory requirement of a management-owned risk assessment. As such, this service is a collaboration between NETBankAudit and the customer in which we mentor you through the engagement and leave you with something you can understand and continue to use for years to come. Our proven process is based on an approach outlined in the National Institute of Standards and Technology's (NIST) Special Publication 800-30, industry best practice and our 7 years of experience supporting the community financial institutions market. The process has also been tailored to meet the regulatory requirements for a risk assessment, as outlined in the Interagency Standards for Safeguarding Customer Information and the FFIEC Information Security Booklet and, where applicable, the NCUA Information System and Technology (IS&T) Program as revised and outlined in Credit Union Letter No. 06-CU-10. We provide the tools and the training, and we conduct a thorough analysis of the control areas identified in the Information Security Risk Assessment through our industry-leading internal and external vulnerability and penetration technical testing, unless otherwise specified. Not just shelfware, our Risk Assessment methodology will give management a tool to assist them in managing the ever-changing technical and regulatory environment.
  6. Information Technology (IT) Vulnerability Assessment

    Information Technology (IT) Vulnerability Assessment

    NETBankAudit provides an IT internal and external vulnerability assessment to our community financial clients. Although limited to IT, this vulnerability assessment employs the same strict adherence to methodology as defined in our GLBA Information Security Risk Assessment. We include both internal and external vulnerability technical testing as well as a complete evaluation and gap analysis of your existing Information Security Program (policies and procedures) and the existing Information Security Risk Assessment process. NETBankAudit can customize this engagement to include or exclude internal or external testing as part of the scope.
  7. Information Technology (IT) Technical Vulnerability Assessment

    Information Technology (IT) Technical Vulnerability Assessment

    NETBankAudit offers independent technical vulnerability testing for our community banking clients. This includes both internal and external vulnerability and penetration technical testing, without the Information Security Program policy and procedure gap analysis and review but with the onsite physical security review of your information security. This is the same technical testing provided in our IT Audit and Risk Assessment services. Again, we adhere to strict industry-standard methodologies such as NIST and ISO in the construction of our assessment methodology and have extensive experience in delivering for regulatory review. Our engineers are highly trained and certified in their fields with CISA, CISSP and CISM certifications. In addition, our technical assessments are guided by our experience and knowledge in GLBA and FFIEC objectives and guidelines.
  8. Remote Information Technology (IT) Technical Vulnerability Assessment

    Remote Information Technology (IT) Technical Vulnerability Assessment

    NETBankAudit offers independent remote technical vulnerability testing for our community banking clients. This includes both internal and external vulnerability and penetration technical testing, without the cost of an onsite visit to accomplish the Information Security Program policy and procedure gap analysis and review or the physical security review of your information security. Our engineers will work with your in-house staff to coordinate the use of our equipment and tools to accomplish the testing without the cost of travel. This is the same technical testing provided in our IT Audit and Risk Assessment services.

    Again, we adhere to strict industry-standard methodologies such as NIST and ISO in the construction of our assessment methodology and have extensive experience in delivering for regulatory review. Our engineers are highly trained and certified in their fields with CISA, CISSP and CISM certifications. In addition, our technical assessments are guided by our experience and knowledge in GLBA and FFIEC objectives and guidelines.

  9. External Vulnerability Assessment (inc. External Pen Test)

    External Vulnerability Assessment (External Pen Test)

    NETBankAudit also offers standalone and independent external technical vulnerability assessments for our community banking clients. This is the same external technical pen testing provided in our IT Audit and Risk Assessment services. It provides not only the external vulnerability and pen testing but also an extensive process in which the engineer uses a combination of manual and automated searching techniques to identify potentially harmful public information pertaining to the financial institution, including configuration errors, accidental or unintentional posting of sensitive or internal information, Trojans, viruses and spyware that have targeted the institution, malicious sites, and phishing attacks. Again, we adhere to strict industry-standard methodologies such as NIST and ISO in the construction of our external pen testing methodology. Our engineers are highly trained and certified in their fields with CISA, CISSP and CISM certifications. In addition, our technical assessments are guided by our experience and knowledge in GLBA and FFIEC objectives and guidelines. External pen test engagements can also include social engineering tests such as "phishing", "phone attacks" and other tests such as "road apple" as described below.
  10. Security Awareness (Social Engineering) Assessment

    Security Awareness (Social Engineering) Assessments

    NETBankAudit provides custom Security Awareness Assessments for our clients. We believe that awareness, knowledge and training are the keys to protecting against social engineering and identity theft. Our Security Awareness Assessments are customized to our clients' specific needs and objectives. We are able to provide our clients with custom Security Awareness presentations for their employees, both to increase knowledge of potential social engineering attacks and to increase employee knowledge and awareness of the client's existing policies and procedures for handling social engineering incidents. NETBankAudit is able to deliver these presentations either in person or over the web to reach client employees on location (branches). We also follow up with specific social engineering testing (e.g. onsite physical testing or external "phishing" or "phone" attacks) to verify employee awareness.
  11. Social Engineering Vulnerability Testing

    Social Engineering Vulnerability Testing

    NETBankAudit provides social engineering vulnerability testing customized to our clients' specific needs and objectives. NETBankAudit believes that social engineering testing should only be applied to verify actual training, as it is unfair to test employees on subject areas they have not been trained on. We are able to provide our clients with custom social engineering testing designed to verify training effectiveness. NETBankAudit is uniquely qualified to provide social engineering testing through its understanding of community financial institutions and information security standards, and through our investment in the qualified engineers, auditors and tools needed to be professional and effective in our engagements. We are able to customize both onsite testing, such as person-to-person testing at predetermined locations, and external testing, including but not limited to "phishing attacks", "phone" attacks and "road apple attacks", to verify employee awareness.
  12. ACH Audit (NACHA Compliance)

    ACH Audit (NACHA Compliance)

    NETBankAudit offers an audit of the compliance and operational controls over the ACH functions for our clients. As with all information management related audits, we use COBIT as our methodology and FFIEC and SOX as our objective and scope guidance. Our evaluation will consist of observation, inspection, and interviews with relevant staff members at the bank, as well as a review of supporting documentation. The objective of the audit is to confirm that the bank's policies, procedures, and operating controls are consistent with the requirements outlined in NACHA rules, regulatory requirements, and industry best practices. The audit process and documentation are designed to meet the requirements outlined in Appendix 8 to the NACHA Rules.
  13. Bank Secrecy Act (BSA) Audit

    Bank Secrecy Act (BSA) Audit

    http://www.occ.treas.gov/bsa/BSARegs.htm
    NETBankAudit offers our clients BSA Audit services. These can be provided in conjunction with a COBIT IT Audit or SOX IT Audit, or as a standalone audit. Monitoring BSA Compliance: 12 CFR 21.21 requires every national bank to have a written, board-approved program that is reasonably designed to assure and monitor compliance with the BSA. The program must, at a minimum: (1) provide for a system of internal controls to assure ongoing compliance; (2) provide for independent testing for compliance; (3) designate an individual responsible for coordinating and monitoring day-to-day compliance; and (4) provide training for appropriate personnel. In addition, the implementing regulation for section 326 of the PATRIOT Act requires that every bank adopt a customer identification program as part of its BSA compliance program.

NETBankAudit understands that protecting your customers' information is protecting your business!