Internal Vulnerability Scan – A process of identifying, quantifying, and prioritizing vulnerabilities on the bank’s network.
External Vulnerability Scan – A process of identifying, quantifying, and prioritizing vulnerabilities on the bank’s public IP address(es).
Internal Penetration Test – An internal vulnerability scan, plus attempts to exploit vulnerabilities found in the scan that could be targeted by unauthorized personnel.
External Penetration Test – An external vulnerability scan, plus attempts to exploit vulnerabilities found in the scan that could be targeted by unauthorized personnel.
Information Technology (IT) Security Audit – A review is conducted of your IT program using compliance regulations and best practices. The audit will focus on management oversight, policies and procedures, staff training, information security, and risk management.
Social Engineering Assessment – A review is conducted of your employees’ responses to attempts to manipulate staff into divulging confidential and/or personal information that can be used fraudulently.
Business Continuity Management Audit – A review is conducted of your business continuity management program including best practices and simulated tabletop exercises. The audit will focus on management oversight, policies and procedures, staff training, and simulated tabletop exercises covering selected business interruptions.
Firewall Configuration Review – A review is conducted of your firewall configuration and management program using industry best practices. The audit will focus on change management processes, patch management processes, review of firewall rules, remote access configurations, logging and alerting configurations, and third-party management services.