Garland Group Blog

Archive for November, 2006

Internal IT Audits vs. External IT Audits

The Community November 27th, 2006 0 Comments

Financial institutions conduct an IT audit annually. Many financial institutions have an internal auditing staff that conducts these IT audits. The knowledge base required for the auditors to understand the different operating systems, firewalls, ancillary applications, communication systems, online banking, item processing and the advancing technology being brought into the bank is becoming overwhelming.

A number of financial institutions have begun to engage external IT auditors to conduct their internal IT audits. Doing so reduces the cost of training the staff and reduces the overhead of the number of staff required to conduct the audits. Good external IT auditors review dozens of banks annually and see multiple systems. They keep up with the changing technology and apply it in their IT controls reviews.

The Garland Group has a good IT audit staff that conducts a comprehensive risk assessment with every IT audit. The financial institution will receive numerous reports and spreadsheets to follow the processes used and to help them work more effectively and in line with the FFIEC guidelines.

 

One Man’s Trash

The Community November 8th, 2006 1 Comment

One Man’s Trash… is another man’s access into your secure environment.

I’m currently working on an engagement for social engineering with a bank, and what I’ve found is surprising. We go to great lengths to warn our clients about shredding sensitive information, but so often employees are unaware of what can really cause an informational leak in an organization. The obvious ones: account numbers, Social Security numbers, PINs and passwords; most employees are aware that physical media with that information should be disposed of properly. What about department memos? Imagine if a memo stated that the exterminators would be coming into the bank at 10:00 AM next Thursday. Is that information you would want a would-be Kevin Mitnick to have when he has your organization in his sights? Have you driven behind a grocery store lately? Have you noticed the kind of dumpsters they use? They are inaccessible from the outside. Locked and secure to keep people and animals away from spoiled, stale and dangerous items. What steps should you take to keep information thieves away from stale and dangerous data?

Oh, and just on a personal note… banks have the cleanest trash you could ever imagine… the gross factor won’t dissuade someone who really wants to find something.