The IT Review process begins with analysis of the Bank’s Risk Assessment. Reviewing the risk assessment allows us to create an audit plan based on the bank’s risk assessment. The audit plan covers more than 25 key areas over three years and the review process covers the 13 areas in the FFIEC Handbooks.
The second step of the network security review is to evaluate the security of network devices visible from inside the bank’s perimeter including servers, routers, switches, firewalls, and workstations. Using the information obtained in Step 1, we will work with the Bank’s information technology personnel to identify all internal network devices to be tested.
The external network vulnerability assessment utilizes various scanning tools to evaluate network perimeter security. We will scan the Internet devices to determine: