Information Security/Cybersecurity Program Testing
Forvis Mazars has experience with Information Security Program Testing compliance issues and with the guidelines intended for financial institutions to protect consumer information, assess risks, and design and implement information security programs.
We offer Information Security/Cybersecurity Program testing services, including identification and confirmation of the effectiveness of a financial institution’s Information Security/Cybersecurity Program, as required by the Interagency Guidelines Establishing Standards for Safeguarding Customer Information, mandated by Section 501(b) of the Gramm-Leach-Bliley Act of 1999 (GLBA). These security guidelines outline the administrative, technical, and physical safeguards needed to maintain the security, confidentiality, and integrity of customer information and to ensure its proper disposal.
Forvis Mazars can evaluate the adequacy of an Information Security/Cybersecurity Program by testing the following program components:
- Organization
- Governance of the Program
- Risk Assessment Processes
- Security Risk Indicators Reporting
- Red Flags
- Industry Threats Monitoring
- Systems Security Tools Implementation
- Procedural Security Enhancements
- Monitoring
- Information Security/Cybersecurity Training
- Information Security Testing Processes
- Reporting to Board of Directors