Internal Vulnerability Assessment

The purpose of an Internal Vulnerability Assessment (IVA) is to examine the effectiveness of the credit union's controls against a combination of financial industry best practices, including Gramm-Leach-Bliley Act (GLBA), Federal Financial Institutions Examination Council (FFIEC), NIST, ISO, and PCI requirements, as well as general good business sense. The six major security domains addressed within the scope of an IVA include: User Security, Host Security, Physical Security, Network Security, Disaster Recovery, and Policies and Procedures. These domains are reviewed against industry best practices for internal network security.

Assessment methodology

Following the CastleGarde assessment methodology, an Internal Vulnerability Assessment is performed in four stages:

Identification phase

Most of the initial information gathering will take place at your site. During the identification and testing stage, CastleGarde will interview selected staff, review policy, and observe procedures. The end goal of this stage is to create a test bed for use in the subsequent phases by identifying the critical information assets of the organization. Moreover, by interviewing key staff and through direct observation, CastleGarde will be able to determine the effectiveness of the procedural controls in place to maintain the confidentiality, integrity, and availability of the critical information systems. This stage is most often thought of as the person-to-person stage.

Testing phase

In the identification and testing stage, CastleGarde will perform manual probes of systems and run a number of security audit and assessment tools to evaluate the effectiveness of controls implemented and enforced by the systems themselves. In addition, if vulnerabilities in procedural controls or systems were exposed in the previous phase, they will be tested now.