System Audit - North American Credit Union
Business Requirement
The scope of the work included an IT hardware and cloud risk assessment for a credit union to comply with risk requirements and NIST / ISO adoption for NCUA requirements.
Includes the following areas of review:
- IS Policy and Procedure existence of controls is ISMS and
- R&R and SOD
- Server
- Pointer
- Laptop & Desktop
- Oracle Cloud Infrastructure
- ATM and Cash Recycler
- CCTV
- Hot site physical and environmental security
- Email and Data encryption
Key Finding
- Risk register template adherence challenges
- Inherent and residual risk scoring with threat actors identification
- Controls and Adherence to security processes and log review/rule set review for firewalls
- End point protection issues
- Cloud administration and user management issues
- Compartmentalization issues in cloud
- Google workspace challenges on MFA and Retention
Key Finding
Our proprietary SPARK framework was used to perform the audit with our enabled risk library that includes:
- Risk library was reviewed for applicable risks
- Inventory mapping for process, data, evidence, documents and artifacts
- VAPT report review
- Gap analysis and risk identification
- Mapping of existing controls and effectiveness review
- Enabled risk library with domain & technology risks
Business Benefit and Result
- Improved Design of controls and operating effectiveness
- Risk library with inherent and residual risks
- Risk scoring and enablement management action
- Proactive risk management and controls definition
- CAPA definition and roll out