Information Systems Assurance
How secure is your network?
Do you know what your weakest links are? Are your employees exposing your organization to legal or reputation risk by their online activities? Is the person or company who is responsible for maintaining the security of your network doing their job?
In today's environment, these are questions that every business owner should not only be asking, but also answering with independent assurance rather than relying on self-assessment.
At TJS, we have a specialized team of IT auditors with the skills and experience to help you identify security weaknesses within your information technology infrastructure before attackers (or regulators) do. All of our audit and penetration testing programs are internally developed and consistently updated to ensure that they address the most current issues facing the information technology arena. Our penetration testing programs are primarily based upon the Information Systems Security Assessment Framework (ISSAF) developed by the Open Information Systems Security Group (OISSG), an international, peer-reviewed framework for assessing information security controls.
External Vulnerability Assessment and Penetration Testing
External vulnerability assessment and penetration testing engagements are designed to test the perimeter security of the network and are performed from the viewpoint of an attacker outside of the organization. The primary goals of these types of engagements are to:
- Evaluate the design of the network perimeter and the effectiveness of perimeter security devices such as firewalls
- Evaluate monitoring systems in place to detect intrusion from outside sources
- Identify vulnerabilities in the design and implementation of network security that may be exploited from outside the network
- Identify vulnerabilities inherent within externally visible services and devices that may be exploited from outside the network
- Gather information and attempt to compromise the network through social engineering, by obtaining user credentials from employees or tricking employees into running pseudo-malicious (harmless, proof-of-concept) code
Internal Vulnerability Assessment and Penetration Testing
Internal vulnerability assessment and penetration testing engagements are designed to test the internal security of the network and are performed from the viewpoint of a malicious user inside the organization, or of an outside attacker who has already breached perimeter security. The primary goals of these types of engagements are to:
- Evaluate monitoring systems in place to detect unusual activity and attempts to compromise internal systems
- Identify vulnerabilities in the design and implementation of internal network security
- Identify vulnerabilities inherent within internally visible services and devices
- Evaluate the effectiveness of systems and processes in place to update and patch systems and devices, to ensure ongoing security against newly identified threats
- Gain administrative or root access to information systems from the standpoint of a "blind" (black-box) attacker with no prior knowledge of the network
FFIEC General IT Controls Review
Our general control review engagement is geared toward financial institutions and is designed to fulfill the scope of the traditional “IT audit” as commonly referred to by regulators. The primary goals of this type of engagement are to:
- Evaluate policies and procedures for compliance with regulatory requirements and industry best practices
- Evaluate management and Directorate oversight of the IT environment
- Prepare the institution for upcoming regulatory examinations that encompass an IT component
- Identify areas for improvement in operational processes, business continuity planning, system and application security configuration, and monitoring
- Provide detailed documentation of the information technology control environment in an easily readable format that can greatly reduce the time and burden associated with an upcoming regulatory examination.
The program is primarily based upon guidance and programs in the FFIEC IT Examination Handbooks, which provide the basis for regulatory examination procedures of the IT function.
Functional areas reviewed include:
- Management
- Audit
- Development and Acquisition
- Support and Delivery
- Network Security Controls
- Business Continuity Planning
- EFT / ACH
- Internet Banking
