IT Audit & Security

FIPCO has established IT Services and partnerships to deliver world class solutions to our customers. We have the experience and expertise to deliver on an institution's number one priority, which is to better manage risk with a proactive Security Program. The Security Program’s audit and security activities are designed to cover critical aspects of business operation in the protection of enterprise IT infrastructure and the business computing environment.

  • Security controls must be both proactive and reactive in order to protect what can be predicted and react to what cannot.

"If it’s predictable, it’s preventable.”

and industry-wide;

“Security must become part of every organizations DNA.”

  • Audit is a management measure that checks the adequacy and effectiveness of controls. In general audit is preventative, but not proactive. Review of controls encourages due diligence of original control implementation and identifies missing preventative controls, but after implementation.

Both security and audit are necessary in an effective Security Program and have their place in the overall protection of any organization. Every institution’s Risk Profile must be used to determine how much security is reasonable; when to mitigate, when to transfer and when to accept risk.

It is quite clear that from an Information Technology perspective the Security Program must have two critical characteristics. Those characteristics are for IT security controls and audits to be:

Risk Based


Proactive

Information technology advancements have changed the way our institutions transact business, how governments operate, and even impacted how national defense is ensured. Protection of essential business systems is critical and the efforts to protect them must be continuous. Malicious activity has had exponential growth to a point where in February 2008 it was identified that “half of the Internet use has something to do with hackers or is done with criminal intent”. (As reported by Ian Cook, security expert of Team Cymru Research). The threats today are highly targeted at specific individuals or organizations. They are from hackers, spies, corporate raiders, terrorists, professional criminals, and vandals. These groups have a vested interest and have established well defined objectives that will challenge technology for financial and political gain.

In spite of the greatly increasing amount of malicious activity from external activity; for most organizations the greatest threat still remains from internal sources. The incidents that result can lead to financial loss, loss of reputation, legal and regulatory or compliance issues and basic damages of an institution’s enterprise infrastructure and ability to process transactions.

FIPCO can assist with the effectiveness of your Security Program through state of the art industry standard Risk Assessment methodologies, reviewed by the FDIC and used in organizations large and small. Consider FIPCO for assistance in helping to maintain, expand and improve the controls your organization must have in place in order to ensure the safety and soundness of your business.

For more information on any of the FIPCO IT Services contact your FIPCO® account executive at 1-800/722-3498 (Ex. 254 or 258) or FIPCO Sales

"Mike, thanks again for all your help. We’ve downloaded the forms and are working on the urgent matter for which we needed them. Your outstanding response and that of Pat at your office are truly appreciated."

- Mary Poehlman, McNally, Maloney & Peterson

IT Threat Intelligence Briefings

Compliance Round Table Discussion

Join FIPCO and network with your peers on IT Threat issues in your bank. 

Click here for more details.

IT Security Newsbytes

Stay current between FIPCO IT Audit Round Table Discussions by subscribing to the IT Services InfoSecmsg e-publication! This FREE weekly update provides the latest on the information security landscape and its impact on your organization.

Register to receive this critical e-publication today!