CLA can assess the security of your systems and advise you on how to improve.
What’s on your mind?
- Securing your systems and applications
- Avoiding loss of funds or reputation due to data breach or stolen credentials
- Meeting industry-specific requirements like General Data Protection Retention (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley-Act (GLBA), and Criminal Justice Information Services (CJIS) standards
- Complying with federal and state laws such as the Federal Information Security Management Act (FISMA) or the National Institute of Standards and Technology (NIST)
- Knowing if internal IT staff have the capacity and specific knowledge to secure your systems and applications
- Finding the right outside vendors to manage security specific to your organization’s needs
A unique approach
An IT risk and vulnerability assessment is designed to thoroughly root out vulnerabilities and security weaknesses. We will validate where expected controls are functioning effectively and identify systems and processes in need of improvement.
Tools alone can’t assess risk. Our professionals are the key. They will develop a true understanding of your business systems so that observations and recommendations will enhance your IT risk management processes in a manner that fits your operations. Our results are compiled into a user-friendly report that addresses system weaknesses or misconfigurations.
IT risk and vulnerability services
- Define and document your information systems assets (systems, applications, data, and key business processes)
- Interview your key personnel to clearly understand your business needs and expected controls
- Technically test systems and validate that controls are operating as expected
- Meet with your leadership to review the process and discuss the results in “plain English”
- In select geographies, address the issues we uncover by providing remediation and ongoing outsourced IT support
- Disaster recovery and business continuity
- Purple team penetration testing
- Ransomware preparedness assessment
- SOC for cybersecurity
Research source: Verizon's 2013 Data Breach Investigation Report
InsightsSee All Insights
Blog 5/3/2022Discord Users Beware of Server Hijacks
Blog 4/29/2022GLBA Safeguards Rule Update
Blog 4/4/2022FBI-Ransomware Impacting Local Governments
Media coverage 3/28/2022Download AGA’s Report: CLA Contributed Research on Government Cybersecurity
EventsSee All Events
Event 6/28/2022 – 7/1/2022Association of Credit Union and Internal Auditors Annual Conference
Event 5/22/2022 – 5/25/2022CUNA Finance Council Conference 2022