Information Security Governance Audit

A CoNetrix Information Security Governance Audit will help you identify any gaps in your information security compliance program so you know where to focus your attention.

Who needs this service?

An Information Security Governance Audit is best for financial institutions that only need an audit of policies and procedures pertinent to information and cybersecurity.

If you need a full IT audit that includes technical security controls, then a better fit would be an IT Audit and Vulnerability Assessment.

Scope of Work

A CoNetrix Information Security Audit is done remotely and covers the following key areas:

  • Business Continuity Planning
  • IT Audit Independence
  • IT Oversight, Strategy & Policy
  • IT Risk Management & Risk Assessment
  • IT Staffing, Security Training & Company Culture
  • Vendor Management
  • Identity Theft Prevention Program - Optional

Why CoNetrix Security?

Knowledge and Expertise:

  • CoNetrix Security has conducted more than 1,000 different IT-related audit engagements since 2001.
  • The CoNetrix Security staff has more than 500 years of accumulated information technology, network, and security experience.
  • The CoNetrix Security staff holds numerous security certifications, such as CISSP, SSCP, CISM, CISA, and other Microsoft and Cisco security specializations.
  • The CoNetrix Family of Companies includes numerous resources for CoNetrix Security to consult, including software developers, web developers, and IT engineers.

The CoNetrix Security Difference:

  • CoNetrix Security provides easy-to-read reports with findings sorted by associated risk and estimated cost.
  • Reports include regulatory reference, remediation recommendations, and a detailed review with an information and cyber security expert.
  • Access to the Tandem Audit Lite software, a finding and response manager, is included. Audit Lite is a version of the Tandem Audit software limited to tracking CoNetrix Security engagements.
  • A comprehensive work program is built upon:
    • FFIEC Cybersecurity Assessment Tool (CAT)
    • CoNetrix Security audit, testing, and consulting experience
    • FFIEC Information Technology Examination Booklets
    • Gramm-Leach-Bliley Act Standards for Safeguarding Customer Information
    • Information Systems Audit and Control Association (ISACA) audit guidelines
    • Information Technology Risk Examination (InTREx) Program
    • National Institute of Standards and Technology (NIST) Special Publications
    • The Center for Internet Security (CIS) Top Controls

CoNetrix Security audit services are offered as three engagement levels to fit the needs of your institution. Add optional coverage to check additional controls, as needed.

Performed remotely or by an onsite auditor:

  • Information Security Governance Audit: Remote
  • Internal Vulnerability Assessment: Remote
  • Network Security Assessment: Onsite
  • IT Audit & Vulnerability Assessment: Onsite

Internal Vulnerability Scanning
Interviews With Client Staff
Active Directory Analysis
Data Collection with Onsite CoNetrix Toolbox
Physical Walkthroughs
Analysis of Technical Security Controls
Firewall/Router Analysis Option
Application Security Controls Review (Core System, Online Customer Account System, Wire/ACH)
GLBA Information Security Program Audit
Cybersecurity Plans and Policies Audit
