OVERVIEW
As independent banks continue to provide Internet connectivity and web-enabled sites, exposing their infrastructure to online threats, the importance of security and privacy has become increasingly critical. Vulnerability assessments are the cornerstone of any information assurance program.

Exploits and potential vulnerabilities are continually discovered and documented by leading security review organizations. Coupled with adaptations and changes to your network as new business requirements develop, the possibilities of exposing your systems and data are always present. It is highly recommended to repeat the assessment process periodically to minimize such possibilities. Our assessment was developed with that in mind.

An Independent Audit
Now that the FDIC has clearly separated technology from security policies in their reviews, the first step in protecting your customers and your bank is to have an independent assessment completed. It is crucial to scan your infrastructure, software, and network connectivity to develop a baseline snapshot of your environment. An assessment lets you begin to plan and implement necessary changes.

A Vulnerability Assessment is a risk management process that outlines the potential threats, areas of security weaknesses, and attempts to provide recommended remedies to the extent that they are available and feasible.

Cornice Networks begins each assessment with a comprehensive interview, gaining insights into how the IT systems were put together and how they are intended to function as a whole and individually.

Our security experts work with you through each phase of the process to ensure that every device is accounted for and tested with minimal business interruption. Both a "perceived" and an actual topology map are generated to provide a clear understanding of the make-up of the network, from a potential hacker's perspective and from the bank's.

We use standard security utilities to identify the components of your network that may be at risk. While obtaining this internal information, we also research and compile the public information available regarding your network.

RESULTS
Our vulnerability assessment process doesn't just deliver data. We give you a clear and comprehensive report that recommends solutions, provides remediation guidelines on resource requirements, and an expert opinion on the security-readiness of your computing environment.

We will also convey the results of the report in a Board-level presentation using non-technical language, providing your bank's board members with the right tools to make any necessary decisions.

The decisions made will assist you in safeguarding sensitive customer information, can reduce your IT expenses, and improve the reliability of your network.

ENGAGEMENTS
Our independent Vulnerability Assessments are designed to provide our clients with a true third-party review. We only perform these independent reviews on networks where we are not managing or maintaining the network or devices involved in the assessment on an ongoing basis.

The scope of these reviews can be limited to external- or internal-only assessments to address changes to specific devices or segments of the network. It can also be extended to multi-year engagements where we perform a review periodically.

Download Printer-Friendly Version