COMPLETE ELECTRONIC DATA PROCESSING (EDP) REVIEW SERVICES
Let us improve your Information Technology controls and streamline your technical operations for maximum compliance and efficiency.

BIS - Bank Information Systems Examinations are promoted as a single set of high-quality, understandable and enforceable audit controls. Their adoption in the banking industry follows the trend toward due diligence in reporting under Federal Financial Institutions Examination Council (FFIEC) Guidelines. Our professionals have extensive experience providing services for organizational reporting under FFIEC Guidelines and can assist you in performing annual BIS Examinations. The following activities are included in Electronic Data Processing Review Services:
  • Overall Information Technology audit supervision
  • Segregation of duties and input controls
  • Vendor review (e.g., Harland, Fiserv, Fedline and Jack Henry)
  • Disaster recovery and Business Continuity Planning
  • Computer room security
  • Testing of new releases
  • Remote access programming
  • Reconcilement of applications
  • Password security and micro-computer policy
  • Insurance
  • Internal audit procedures
  • Review of software vendor information

Once the Bank Information Systems (BIS) Examination is complete, you will receive a complete presentation of the findings: a comprehensive report that may be presented to the FDIC (Federal Deposit Insurance Corporation), OCC (Office of the Comptroller of the Currency) or State Regulatory Examiners. These reports detail which FFIEC (Federal Financial Institutions Examination Council) controls require additional effort, their potential impact on the bank, and a recommendation section which outlines a set of detailed, prioritized steps to mitigate the deficiencies.
Security Assessments & Remediation
Let us mimic the first, second and third phases of an attack by real-world hackers. Let us determine how secure your external network and firewalls are, then use what we learned to tailor your security capabilities to achieve a solid Internet/Intranet presence.
Our professionals can assess both your external and internal technical environment and focus remediation efforts on the most critical areas.
EVA & IVA - Our External and Internal Vulnerability Assessments conform to NIST (National Institute of Standards and Technology) guidance and to the Information Systems Audit Standards issued by the Information Systems Audit and Control Association (ISACA). Additional sources of testing codes of practice include CERT/CC, the SANS (SysAdmin, Audit, Network, Security) Institute and CIS (Center for Internet Security). Our certified security auditors use a multitude of tools to assess an organization's security posture and the controls in use, identifying vulnerabilities and compliance issues in an Information Technology infrastructure. The following activities are included in Security Assessments & Remediation:

  • Intelligence Gathering - Electronic "dumpster diving"
  • Port Scanning - Open computer port assessment
  • Services Probing - Discover potential attack vectors
  • Fingerprinting - Enumerate information about target systems
  • Vulnerability Scanning - Comprehensive External and Internal vulnerability scans
  • Research and Verification - Eliminate false positives
  • Compliance Testing - Test the systems for compliance with standards established by the Center for Internet Security and the National Institute of Standards and Technology

Once the External/Internal Vulnerability Assessment (EVA or IVA) is complete, you will receive a presentation of the findings and a comprehensive report with an Executive Summary, a Detailed Technical Report and a mountain of data for future reference. These reports detail what security risks were uncovered, their potential impact on the organization, and a remediation section which outlines a set of detailed, prioritized steps to mitigate or remove those deficiencies.
Information Technology Security Services
Let us help your Information Technology staff work smarter and more efficiently.
Our professionals can be a valuable supplement to your existing Information Technology staff, coming in only when and where you need them.
Fortner, Bayens, Levkulich and Co. P.C. professionals can help you evaluate your current compliance posture and contractual obligations (GLBA, SOX), and develop appropriate controls and documentation to support vendor choices and future banking decisions.
A solid Information Technology security policy is the foundation of a strong Information Technology security program - a requirement for regulatory compliance. The following activities are included in IT Security Regulatory & Policy Compliance Services:
  • Defining and documenting a technical and network security compliance baseline.
  • Establishing and documenting compliance traceability, including the mapping of organizational policies to GLBA regulatory requirements and to FFIEC control objectives.
  • Evaluating and determining whether the GLBA obligations of each party are clearly defined, understood, and enforceable.
  • Evaluating the social engineering aspect of security with employees and management, conducting social engineering assessments from both a physical and a psychological viewpoint.