Tag: IT Security Audit

Audit Results

BAI SECURITY – MID-YEAR TOP-4 SECURITY RISKS

First, it should be noted that this list is compiled from IT Security Audits performed by BAI Security during January to July of 2013 and is not intended to be a comprehensive list of all security risks.  BAI Security specializes in auditing regulated organizations, such as those in banking and finance, pharmaceutical, healthcare, insurance, and the utility sector.  While commonalities often exist, the results found here are not necessarily representative of businesses outside of these sectors. Social Engineering Social engineering has long been a serious security concern, but more recently organizations are slipping even further into a much higher level of risk in this area.  Even with most organizations performing annual end-user security awareness training, which usually includes a piece on social

Read More »
Computer Security

MANY BANKS AND CREDIT UNIONS FAIL THE VULNERABILITY TESTING COMPONENT OF THEIR IT SECURITY AUDIT DUE TO WEAK PATCH MANAGEMENT

Do you have a patch management plan?  If so, how effective is it?  Many companies either lack a comprehensive plan or the necessary tools to properly automate the processing of updates.  In fact, the underlying reasons many banks and credit unions fail the vulnerability testing component of their IT security audit is this lack of effective patch management. Failed Vulnerability Testing Due to Weak Patch Management Often Root Cause of Poor IT Security Audit Results As for the tools, many companies rely only on Windows Server Update Services (WSUS) to patch their Microsoft Windows operating system and other Microsoft software.  WSUS does not patch non-Microsoft application software, such as Adobe Acrobat, Adobe Flash, Adobe Shockwave, which often have severe risks that can lead

Read More »