The DAG Tech IT Security Audit examines the practices, procedures, technical controls, personnel, and other resources used to manage your security risks, and assures that you adhere to recognized best practices and IT security mandates.
Audit Categories: Domain Services, Server Security, Workstation Security, Device Security, Mobile Computer Security, Remote Connectivity Systems Security, E-mail Systems Security, Database Security, File System Security, Cloud System Security, Voice Systems Security, Video Systems Security, Social Network Security, Anti-Malware Systems, Perimeter Security, LAN Security, Network Performance, Wireless System Security, Inter-Site Network Security, Biometric System Security, IT Processes and SOPs
The Compliance Overview
If your organization is subject to IT security mandates such as FDIC, GLBA, HIPAA, HITECH, NCUA, OCC and PCI DSS, you are required to undergo regular risk assessments in order to identify reasonably foreseeable risks that – if left unchecked – could lead to service interruption or unauthorized disclosure, misuse, alteration, or destruction of confidential information. Then, having determined your risks, you must initiate and maintain security controls that are in line with standards established by regulators and best practices. Effectively auditing and evaluating those controls requires deep expertise and experience in IT security and up-to-date knowledge of regulatory details.
DAG Tech’s IT Security Audit
DAG Tech’s information security experts thoroughly audit your existing security controls. This involves the collection and examination of your practices and procedures documentation as well as technological control data.
Also included in your audit are key personnel interviews, a walk-through of your physical location(s) and any other asset(s) that impact the effectiveness of your information security program. These measures are designed to verify that existing controls adhere to your organization’s risk assessment, best practice standards, and applicable regulatory compliance requirements.
Through this thorough and highly structured process, we identify critical deficiencies and control weaknesses, verify that the controls meet the appropriate standards, and document each step of the process.
DAG Tech’s IT security audit services are based on regulations and guidance from:
- Federal Financial Institutions Examination Council (FFIEC)
- Federal Deposit Insurance Corporation (FDIC)
- National Credit Union Administration (NCUA)
- Office of the Comptroller of the Currency (OCC)
- Federal Reserve (FRB)
- Consumer Financial Protection Bureau (CFPB)
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- Industry Best Practices
DAG Tech’s IT security audit services include reviews of:
- Authentication and access controls
- Network security
- Host security
- User equipment security (e.g., workstation, laptop, handheld)
- Personnel security
- Physical security
- Application security
- Software development and acquisition
- Business continuity – security
- Service provider oversight – security
- Data security
- Security monitoring
Documentation includes the policies, procedures and checklists that define and/or support IT controls. The interviews and walk-throughs, which are conducted with key personnel from the organization, are performed to validate adherence to the documented policies and procedures, as well as to corroborate the practices described during the interview process.
IT security audit results are provided in an extensive report containing:
- Executive summary
- Remediation action plan
- Detailed audit results
- Control descriptions and verification procedures
- Supporting documentation