"AuditOne provides Bay Commercial Bank with cost effective, quality services. But the even bigger value this firm delivers is that the audits are conducted in a most user-friendly manner and their expert consultative staff are eager to suggest best practices while in the bank. AuditOne's report delivery and responsiveness to follow up questions is outstanding. They offer comprehensive internal audit services and have experts in interest rate risk, compliance, IT, credit review and operations."
George J. Guarini
President & CEO
Bay Commercial Bank
Walnut Creek, CA
Our highly-certified IT experts provide the practical, risk-reducing independent technical audits that regulators currently expect… and hackers dismay.
Information Technology and Information Security
Ever since the passage of the GLBA in 1999, there has been an increased and sustained focus on Information Security by regulators, local governments, and the industry. This is not without warrant. As the Internet has become mainstream, the risks have increased by an order of magnitude.
Computing systems and data must be protected from hackers and even insiders. The integrity and availability of data must be maintained, even in the event of a disaster. Consumer privacy is now of the utmost importance, given federal and local legislation. Simply put, the regulatory, legal, operational, and reputation risks for Information Technology are very high.
AuditOne offers two major services in the technology practices area: Information Technology and Security Audits; and Network Penetration Test and Vulnerability Assessments (with Social Engineering Analysis).
Information Technology and Information Security Audit
Our Information Technology/Security Audit procedures are not only based on the extensive FFIEC guidelines; we actually take those FFIEC guidelines and adopt the ones that are truly relevant to how you do business and how you have implemented your computing infrastructure. Those guidelines are supplemented with procedures based on other internationally recognized external standards such as ISO17799-2005 and actual risk events based on our experience of what we see in the field.
The auditors in our technology practice have had hands-on experience with over a hundred financial institutions' computing systems and understand the context and nuances of the technology audit process. They take a consultative approach. They do not simply write up a finding and walk away. They are able to offer meaningful recommendations, risk mitigation measures, and peer group comparisons.
Network Penetration Test and Vulnerability Assessment with Social Engineering
AuditOne performs completely independent network penetration tests and vulnerability assessments. We are not in the business of implementing your computing systems. Regulators have come to expect penetration tests on critical systems at least once a year.
One very significant difference from other firms is that AuditOne actually performs the "penetration" portion of the test.
Many other firms simply run a vulnerability scanner program, and with the press of a button, issue a glossy report in a thick binder containing an unreadable and undecipherable "core dump". This is something that any trained monkey can do, but this is definitely not what we do. We actually try to think like a hacker to gain unauthorized access to your computing systems. We perform this task with great care to make sure that we don't break anything. The effectiveness of any penetration test is based on the skill of the security team performing it. According to our own statistics, we have been able to compromise critical systems 90% of the time for clients who had never before had a network penetration test and vulnerability assessment performed by us.