Information Security
Network Vulnerability Assessments, Penetration Testing and Social Engineering
To ensure a financial institution’s security systems function effectively Cadre performs independent vulnerability assessments and internal/external penetration tests.
Vulnerability assessments include on and off-site assessments of security procedures, devices, methods, organization and staffing. While vulnerability testing provides the starting point for assessing information security controls, external security penetration testing provides financial institutions assurance security controls function as intended. During these tests Cadre’s security professionals simulate attacks and attempts to login and gain access to a financial institution’s servers and network. Methods include automated security test scripts and hands-on, live attempts to penetrate an institution’s security controls.
The effectiveness of any penetration test is based on the skill of the security team performing it. Cadre’s security consultants are CISSP, NSA, and OPSA certified, and their understanding of how financial networks and applications transmit customer information allows the team to quickly and properly identify risks to the institution.

Information Security Assessment and Plan
Cadre’s consultants will:
-
Identify and document threats to the security, integrity, accessibility, and confidentiality of the Bank’s information systems, both electronic and non-electronic
-
Establish appropriate security policies and procedures to mitigate the risks of such threats
-
Include appropriate security monitoring and incident response processes
-
Evaluate the risks of using third-party vendors for information processing
Cadre’s report of the assessment will:
-
Document the current condition of the institution’s compliance with the Gramm-Leach-Bliley Act and related regulations
-
Identify threats to the security of electronic and non-electronic information systems and those steps the organization has taken to mitigate the occurrence of these threats and exposure to them
-
Include a risk matrix that documents information security systems, risks, threats, exposures and administrative, technical and physical security controls.
-
Include recommend actions the institution can take to address information system security weaknesses
In addition, Cadre will provide security policy templates and other information, as appropriate, to ensure the Bank’s information security policies meet regulatory requirements.

IT Audit
Cadre's IT Audit is a comprehensive assessment of risk and validation of key controls throughout the Bank’s Information Technology function. Our approach complies with the FFIEC’s Interagency Guidance on the Internal Audit Function and its Outsourcing and the IT Examination Handbook. Cadre has developed a customized IT risk assessment and audit approach, based on COBIT 5.1.
The scope of the IT Audit includes:
-
Technology planning and implementation processes
-
Board and senior management controls
-
Regulatory exams and management responses
-
Information technology practices and procedures
-
General and specific IT control environments
-
Application controls
-
Technology acquisition and implementation processes
-
Business continuity planning
-
Vendor management practices
In addition to reviewing policies, procedures, and practices related to each these areas, Cadre will perform appropriate tests of key procedures and internal control attributes to ensure their operational effectiveness.
The report of our IT Audit will include maturity ratings of the major IT governance elements, as defined in COBIT, and an overall rating and audit opinion of the IT function.
