Security Audit Findings Spurring Organizational Change
Management Guidelines

The demands of new regulations, including the Sarbanes-Oxley Act, Gramm-Leach-Bliley, the Patriot Act, and disclosure statutes for security breaches, are forcing banks to implement stringent information security measures. The auditing of information technology - once a rather staid component of an auditing firm's practice - has gone gangbusters with the explosion of legislation and the publicity surrounding hacking incidents and losses of customer data. Banks today must be prepared to undergo top-to-bottom audits aimed at finding chinks in their information security architectures, and then go about remediating deficiencies.

Where should they look?

Before a bank can interpret and act upon the findings of an audit, it must understand the audit's scope. According to the Information Systems and Control Association, a security audit is broken down into seven categories: systems understanding, security management, security administration, system configuration, access controls, file & directory protection, and reporting & auditing.