Information Security and Compliance Services

CoNetrix Security specializes in providing information and cyber security services to banks, savings associations, credit unions, and trust companies. Our extensive experience in working with financial institutions through examinations and audits makes us uniquely qualified to provide these services. CoNetrix security specialists understand the technology and applications utilized in the financial industry as well as the regulatory requirements and guidance. We strive to provide superior service and customer satisfaction. To see how CoNetrix Security customers rate us, click here. Below are a few of our security and compliance products and services.

GLBA Compliance and ISO Consulting

Boost Consulting Services are designed to assist financial institutions with their information security, cyber security and compliance needs by providing professional consultants who are qualified security experts in the financial industry.

Boost Consulting Services include:

  • Boost ISO—Information Security Officer support designed to complement the capabilities your financial institution currently maintains. Various services available include: incident response, employee security awareness training, annual report to the Board, security committee consulting, full information security program development and support.
  • Boost RA—development and maintenance of an Information Security Risk Assessment
  • Boost BCP—development and maintenance of a Business Continuity Plan
  • Boost POL—development and maintenance of the institution's Information Security Policies
  • Boost VM—assistance with the institution's vendor management program
  • Boost CAT—consulting and services association with the Cybersecurity Awareness Tool
  • Boost AM—audit and exam management services

External Penetration Testing

A CoNetrix Security Penetration Test allows you to identify potential weaknesses within your network perimeter, whether structural, technological, or procedural.

Areas Analyzed

A CoNetrix Security Penetration Test includes an in-depth analysis using multiple tools and focuses on the following areas:

  • Internet connections
  • Phone lines
  • Scanning for thousands of vulnerabilities
  • Exploitation of vulnerabilities based on rules of engagement
  • Perimeter strength using non-intrusive hacker utilities
  • Employee security awareness (Social Engineering)
  • Quarterly follow-up scanning and reporting via Internet Exposure and Vulnerability Assessments (IEVAs)

In addition, we can customize a solution to fit your needs. Some common variations include:

  • Internet Vulnerability Test
  • Social Engineering Test
  • Telecom Test

IT Audit & Vulnerability Assessment for Financial Institutions

A CoNetrix Security IT Audit and Vulnerability Assessment of your company's information systems will help you comply with regulatory guidance, the Gramm-Leach-Bliley Act (GLBA), and industry best practices while also helping improve your institution's security.

Key Areas Analyzed

A CoNetrix Security IT Audit and Vulnerability Assessment uses a risk-based approach to analyze information and cyber security controls, infrastructure, policies, and procedures. Our IT Audit and Vulnerability Assessment covers the following key areas:

  • Access and Data Management
  • Application Review (for additional in-scope applications)
  • Business Continuity Planning
  • Cyber Event Detection – Monitoring, Alerting, and Review
  • Cyber Incident Response
  • Cyber Threat – Vulnerability Detection
  • Cyber Threat Intelligence – Gathering, Sharing, Use
  • Device and Endpoint Security
  • IT Asset Management
  • IT Audit Independence
  • IT Infrastructure Management
  • IT Oversight, Strategy, and Policy
  • IT Patch Management
  • IT Risk Management and Risk Assessment
  • IT Staffing, Security Training and Company Culture
  • Vendor Management

In addition, we can customize the audit engagement to fit your needs. Ask us about additional coverage options, including:

  • Core Server Operating System
  • Remote Deposit Capture (RDC)
  • Virtual Infrastructure
  • Branch Visits
  • Secure Coding Practices
  • Identity Theft Prevention Program (ITPP)
  • Wireless Assessment