"
You guys are phenomenal"
Commercial Bank of California

Commerical Bank of California
"
Redspin is the best in the business, bar none. As a former national bank and a current state/non-member bank, we have been given feedback from three primary regulators: OCC, FDIC and DFI. Each of them had the highest compliments of Redspin's audit work."
Bank CFO

IT Security Audits for Banking and Finance - FFIEC/GLBA

Hundreds of banks and credit unions, as well as global brands such as MasterCard and Visa, have relied on Redspin for penetration testing services and IT security audits. Why? It's because we know the terrain. For years, we've helped financial institutions operate in conformance with a myriad of regulations and new compliance initiatives.
What You Need to Do / How Redspin Can Help

What you need to do: FDIC Rules and Regulations Part 364, Appendix B, Section III(C)(3) requires you to regularly test the key controls, systems and procedures of the information security program.
How Redspin can help: Guidance on what specific testing examiners are looking for can be found in the Information Technology Officer's Questionnaire.

Required testing includes (each paired with the Redspin service that covers it):

  • Information Security Program/IT General Controls Review: Internal Controls Security Assessment
  • Internal Vulnerability Testing: Technical Internal Security Assessment
  • External Penetration Testing: External Network Security Assessment

Redspin's domain experience includes a wide variety of financial firms regulated by many of the following agencies:

  • U.S. Securities and Exchange Commission (SEC)
  • Federal Deposit Insurance Corporation (FDIC)
  • National Credit Union Administration (NCUA)
  • Office of Thrift Supervision (OTS)
  • Office of the Comptroller of the Currency (OCC)
  • Board of Governors of the Federal Reserve System (FRB)

We tailor our assessment services around the specific audit requirements defined by the Federal Financial Institutions Examination Council (FFIEC) and the Gramm-Leach-Bliley Act (GLBA). In addition, because of our broad exposure within the industry, Redspin is always up to date on what the regulators want to see, no matter what the economic trends or political climate.

Beyond compliance, we know what matters most — keeping your customer information and other critical data safe and secure. Redspin helps you accomplish that through our unparalleled technical expertise, proven methodology, and complete objectivity. Our security testing goes well beyond automated solutions; it's our manual effort and human intelligence that separates us from the pack.

We present clear findings with actionable recommendations prioritized by risk, enabling you to focus your IT resources on the most important security issues. We're mindful of resource constraints (budget, IT staff, and hours in the day), so our mitigation strategies are written to be as cost-effective as possible.

Lastly, you can be sure that a Redspin security assessment is 100% objective. It's all we do — we don't profit from our findings or recommendations in any way. We don't up-sell hardware, software or additional remediation consulting services.

By helping you manage both security risk and compliance risk, Redspin has become a trusted independent advisor to the financial industry. It's people helping people.

Additional Redspin Services

Application Penetration Testing
Social Engineering Testing
Wireless Penetration Testing
