Home
Client Services
Firm Philosophy
Contact Us
Career Opportunity
Audit Services
Asset Review
IT Security
Compliance
Trust Services
Tax Services
Benefit Plan Audit
Commitment
Newsletter Signup
FBLG Banking News
Banking Library
File Transfers
Salary Survey
Survey Signup
FORTNER, BAYENS, LEVKULICH & GARRISON, P.C.
Certified Public Accountants

Fortner, Bayens, Levkulich & Garrison, P.C.’s Information Technology Security Services can help you evaluate your current information security risk profile and develop appropriate controls to manage identified risks. We can assess your external security posture and also mimic an attack by real-world hackers to determine how secure your network and firewalls are, and then use what we learned to tailor your systems to promote information and data security. We can assess your internal security posture to identify threats to data and system integrity. We can evaluate your information technology policies and procedures for compliance with regulatory and GLBA requirements.

 

 

Assessing the external and internal threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information and bank records can be a difficult process. Adopting security measures that you conclude are appropriate can be just as challenging. Our professional auditors use a variety of tools to assess your security posture to identify vulnerabilities and compliance issues in your information technology infrastructure. Additionally, we will evaluate the social engineering aspects of security with employees and management and conduct social engineering assessments from both a physical and psychological viewpoint. Our External and Internal Vulnerability Assessments conform to National Institute of Standards and Technology requirements and the Information Systems Audit Standards issued by the Information Systems Audit and Control Association.

 

 

A solid Information Technology security policy is the foundation of a strong Information Technology security program -- a requirement for regulatory compliance. Our professionals will define and document a technical and network security compliance baseline. We will establish and document compliance traceability including the mapping of organizational policies to GLBA regulatory requirements and to FFIEC control objectives. 

Our efforts focus specifically on industry best practices and section 501 of the Gramm-Leach-Bliley Act, which requires that appropriate standards be established for the administrative, technical, and physical safeguards of your nonpublic personal information. Such information is frequently contained on media such as paper documents, back-up tapes, disks, and other storage devices. Protection of this data requires protection of the media. Theft, destruction, or other loss of the media could result in the exposure of corporate secrets, breaches in customer confidentiality, or the disruption of business activities. Our combined testing procedures are intended to test GLBA technical controls.