CUC Comprehensive IT Audit

Be efficient. Be compliant. Know.

You will know the status of your IT systems beyond compliance.

Credit Union Consulting of Ohio, Inc. will enlighten you to the strengths and weaknesses of your IT infrastructure. Our IT professionals have a diverse knowledge base and will help guide you into the future of your information systems by performing a CUC IT Audit. 

Why is CUC uniquely qualified to perform my IT audit?

We are not just IT auditors. We are engineers that have been planning and implementing IT infrastructures for over fifteen years. We do the real work everday. We constantly learn and study new technology, new threats to information security and how to stop the threats. We have not seen any other firm perform with the level of care we do. Your credit union's IT audit will be conducted with the same care and detail that we employ for our IT service clients.

What type of IT audit will CUC conduct for me?

You can expect our CUC IT Audit to be thorough, unbiased, and brutally honest. Our mission is to provide your credit union with a realistic, valuable evaluation. We are a great fit for credit unions that desire to know the truth about their IT infrastructure. We check your entire IT Infrastructure to give you an accurate assessment of your credit union's information security program. Our audit can be tailored to address your areas of concern.

How will CUC deliver the results of my IT audit?

You will benefit from the added value of CUC's results and remediation report. We promptly deliver the intial report which will detail any issues we found and the remediation actions. After discussion with your credit union, we then produce a final report that is board and examiner ready. We work for you and our goal is to provide your credit union with valuable information about your IT infrastructure.

Why does CUC not require long term contracts?

We have found that using the same company for an IT Audit year after year is counter productive for our clients and not best practice. The whole point is to have an outside, objective evaluation. When the same company performs an IT Audit for a credit union year after year, it becomes increasingly biased. It also cannot be considered completely external. We provide ongoing IT Service for many credit unions. We welcome the scrutiny of fresh eyes and ideas and so should you.

Do not just get an IT Audit. Get Value. Get a CUC Comprehensive IT Audit.

We will audit, evaluate and write recommendations on the following for best practice, compliance and policy adherence:

External Vulnerability Risk Assessment

1. Network Detection and Diagram
2. Perimeter Vulnerability Assessment
3. Wireless Access Testing and Review
4. Wireless Attack Simulations
5. Network Attack Simulations
6. Social Network Engineering
7. Web Application / Database Assessment

Internal Vulnerability Risk Assessment

1. Network Evaluation
   1. Network Diagram / IP Diagram Analysis
   2. Internal Penetration / Vulnerability Assessment
   3. External Penetration / Vulnerability Assessment
   4. Gateway Antivirus and Anti-Spyware Analysis
   5. IPS (Intrusion Prevention System) Review
   6. IDS (Intrusion Detection System) Review
   7. Firewall and Router Evaluation Review
   8. Wireless Scan and Policy Review
   9. Access Management Analysis
   10. Remote Access Policy Review
   11. Change Management Analysis
       
       
2. Server Evaluation
   1. Physical Controls - Spatial, Environmental Evaluation
      1. Cleanliness of Environment
      2. Thermal Evaluation
      3. Static Electricity Evaluation
      4. Smoke and Fire Risk and Provisioning
      5. UPS Systems and Management Evaluation
      6. Cable Management Evaluation
   2. Systems Performance and Capacity Analysis
      1. Hard Drive Space
      2. RAM
      3. CPU and Network Usage
   3. Immunity Analysis
      1. Spam Protection
      2. Spyware Protection
      3. Virus Protection
   4. Business Continuity Evaluation
      1. Disaster Recovery Protocol
      2. Backup Procedure Protocol
      3. OS Image Procedure Protocol
   5. Communications System Analysis
      1. Email Services
      2. Password Management
      3. Domain Organization
   6. Update Analysis
      1. Service Packs
      2. Patch Management
   7. File System Privilege and Admin Management Evaluation
      1. User and Group Structure
      2. Group Policy Structure
      3. Shares / Permission Auditing
      4. Sensitive System Evaluation
   8. Access Management Analysis
      1. Penetration Testing
      2. Open Port Evaluation
      3. Password Cracking and Policy
      4. Remote Access Policy
   9. Change Management Analysis
      
      
3. Workstation Evaluation
   1. Open Port Evaluation
   2. Patch Management Analysis
   3. Spam Protection Evaluation
   4. Virus Protection Evaluation
   5. Spyware Protection Evaluation
   6. Software Firewall Analysis
   7. Removable / Portable Device Security Analysis
      1. PDA
      2. Removable USB etc.

Physical Facility Evaluation

1. Smoke and Fire Detection
2. UPS Systems and Management
3. Cable Management

Policy Review and Evaluation

1. Identify and Review Current Policy
2. Policy Gap Analysis