Internal Vulnerability Assessment
A CoNetrix Internal Vulnerability Assessment can help locate security vulnerabilities or "weak links" in your
company or financial institution's information systems and technical controls. For this engagement, we send our
scanning appliance, the CoNetrix Audit Toolbox, to do the onsite data collection.
The CoNetrix Audit Toolbox uses automated tools to independently collect network data, which CoNetrix then uses to
assess technical security controls and identify corrective actions. Assessments may focus on the security process,
the information system, or a specific host or network.
Who needs this service?
The Internal Vulnerability Assessment is a subset of the
CoNetrix IT/GLBA Audit & Assessment that only looks at your
technical IT controls. A narrow scope is typically requested for situations when:
- An Examiner says you need more technical review
- Your audit doesn't include technical controls
- Independent verification of current technical controls
- You need an FFIEC compliant technical audit
- You want to continue a relationship with a CPA or Firm that doesn't have the IT knowledge and expertise for a thorough technical assessment.
Note: The Internal Vulnerability Assessment does not include an onsite audit as part of the engagement. Please consult with your account representative for a solution that meets the needs of your company.
Scope of Work
- Patch Management
- Unsupported Operating Systems
- Antivirus / Potentially Unauthorized or Malicious Software
- File Access Controls / Security Logging
- Local Administrators
- Sensitive Data Stored on Workstations
- Active Directory (AD) Accounts & Passwords
- Firewall & Router Analysis (Cisco, SonicWall, FortiNet, CheckPoint) – Optional
- Virtual Servers (VMware or Hyper-V) – Optional
Knowledge and Expertise:
- CoNetrix has conducted more than 600 different IT related audit engagements since 2001.
- The CoNetrix staff has more than 500 years of accumulated information technology, network, and security experience.
- CoNetrix's security experts hold numerous security certifications, such as CISSP, SSCP, CISM, CISA, and other Microsoft and Cisco security specializations.
- CoNetrix maintains a staff of multiple network engineers.
The CoNetrix Difference:
- CoNetrix provides easy-to-read reports with findings sorted by associated risk and estimated cost.
- Reports include regulatory reference, remediation recommendations, and a detailed review with a CoNetrix security expert.
Access to the Tandem Audit Lite software, a finding and response
manager, is included. Audit Lite is a version of the Tandem Audit
software limited to tracking CoNetrix security engagements.
Our comprehensive work program is built upon:
- CoNetrix audit experience
- FFIEC Information Technology Examination Booklets
- Gramm-Leach-Bliley Act Standards for Safeguarding Customer Information
- Information Systems Audit and Control Association (ISACA) guidelines