|What You Need to Do||How Redspin Can Help|
FDIC Rules and Regulations Part 364 Appendix B Section III (C) (3)
Regularly test the key controls, systems and procedures of the information security program.
Guidance on what specific testing examiners are looking for can be found in the Information Technology Officer's Questionnaire.
Required testing includes:
|Information Security Program/IT General Controls Review||Internal Controls Security Assessment|
|Internal Vulnerability Testing||Technical Internal Security Assessment|
|External Penetration Testing||External Network Security Assessment|
We tailor our assessment services around the specific audit requirements defined by the Federal Financial Institutions Examination Council (FFIEC) and the Gramm Leach Bliley Act (GLBA). In addition, because of our broad exposure within the industry, Redspin is always up-to-date on what the regulators want to see, no matter what the economic trends or political climate.
Beyond compliance, we know what matters most — keeping your customer information and other critical data safe and secure. Redspin helps you accomplish that through our unparalleled technical expertise, proven methodology, and complete objectivity. Our security testing goes well beyond automated solutions; it's our manual effort and human intelligence that separates us from the pack.
We present clear findings with actionable recommendations prioritized by risk, enabling you to focus your IT resources on the most important security issues. We're mindful of resource constraints (budget, IT staff, and hours in the day) thus our mitigation strategies are written to be as cost-effective as possible.
Lastly, you can be sure that a Redspin security assessment is 100% objective. It's all we do — we don't profit from our findings or recommendations in any way. We don't up-sell hardware, software or additional remediation consulting services.
By helping you manage both security risk and compliance risk, Redspin has become a trusted independent advisor to the financial industry. It's people helping people.