MemberGuard Services
Information Security Program Review
Our Information Security Program Review performs a Gap Analysis to systematically review your credit union's policy and procedure compliance with Appendix A of NCUA Rules & Regulations, Part 748. The result is a comprehensive, fact-based Security Improvement Plan to address any compliance gaps at your credit union. The Security Improvement Plan can serve as your compliance roadmap and can be used as the basis for budget and scheduling decisions.
Regulatory Exam Mitigation
Understanding and resolving exam findings can sometimes be a daunting task for a credit union. Developing the right corrective actions to assure closure is an integral part of sound credit union management. MemberGuard can help you fully understand the examiner’s findings, relate the findings to a specific regulatory requirement and develop actionable mitigation steps to resolve the finding. As a result, you will have a documented improvement plan to serve as your compliance roadmap. A well-developed improvement plan can be used as the basis for budget and scheduling decisions.
Security Improvement Planning
If a gap is identified in your security or compliance program, MemberGuard can help guide your credit union to full compliance. We’ll draft a security improvement plan to serve as your compliance roadmap. It will define the necessary mitigation actions, responsible parties and target completion dates. A well-developed security improvement plan can then be the basis for budget and scheduling decisions.
Information Security Risk Assessments
MemberGuard supports an organization-wide approach to risk management that adds consistency in identifying, measuring and controlling risk throughout the credit union. We use the methodologies and approach defined in NIST SP 800-30 and ISO/IEC 27001:2005. Risk assessment services include:
- Establishing a size-appropriate risk management methodology and tool set
- Evaluating the effectiveness of current security controls
- Policy, procedure and standard report development
- Senior Management and Board-level briefings
Policy & Procedure Review & Development
Policies and procedures are the foundation for a successful information security program. MemberGuard will help your credit union create or update security policies, procedures, and process documentation. We’ll work with you to scope the extent of the documentation needed, evaluate existing policies and procedures, plan the approach to create new procedures, establish documentation standards and create a customized documentation-maintenance program. MemberGuard's proven methodology and process-oriented approach will provide your credit union with the effective and functional business documentation you need.
Technical Assessments
Internal Vulnerability Assessment - MemberGuard's internal vulnerability assessment seeks to discover areas within your credit union's network where malicious activity may occur. A scan will be conducted to test your internal local network using the IP addresses you provide. We'll probe the network for active IP addresses and conduct passive scans. Then we'll scan from an open area simulating an unauthorized user gaining access to the facility. You'll receive a detailed report defining the noted vulnerabilities, associated risks and the recommended mitigation actions.
External Vulnerability Assessment - MemberGuard's external vulnerability assessment can detect areas of your credit union's network where an intruder could exploit security vulnerabilities. An external vulnerability assessment can help you determine your credit union's level of network security and identify weak elements or unprotected access points that need to be secured. It can also be used as an aid in evaluating your credit union's detection and response capabilities and help to determine whether the proper controls are in place. A detailed report will be provided to define the noted vulnerabilities, associated risks and the recommended mitigation actions.
Staff, Management & Board Level Training
MemberGuard can create on-site or web-based courses, workshops and educational material specifically for your credit union on the following topics:
- Information security awareness
- Understanding SAS 70 Audits
- Understanding ISO/IEC 27001:2005 certification
- Conducting vulnerability scans
- Security incident management & reporting
- Conducting risk assessments
- Internal auditing
- Vendor management
Internal Audit Services
MemberGuard’s certified auditors can provide internal auditing, IT internal auditing, compliance auditing and related risk assessment services. In addition, our services include external audit assistance, special investigations, support for acquisitions and due diligence exercises, quality reviews, NACHA compliance audits, AML/BSA/OFAC reviews, and operations audits of all business processes. All auditing services are provided on a co-sourced or fully outsourced basis.
Vendor Management
MemberGuard can provide assistance in developing a fully compliant external service provider management program, which would include due diligence prior to acquisition and written contracts with clear responsibilities. We also provide ongoing vendor oversight, including designation of an accountable executive for monitoring activities, control over remote vendor access and periodic reviews of continuity plans. We’ll coordinate with your credit union’s plans, review and monitor performance reports, and review service provider audits and regulatory exam reports.
Network Architecture Consulting
MemberGuard can help ensure that your credit union’s network provides the required confidentiality, integrity and availability of information with customized consultative services regarding the design and implementation of security components. Common recommendations include components such as anti-virus, web-filtering, intrusion prevention systems, network firewalls, application firewalls, and managed switches or routers. A detailed report is provided to management defining the noted vulnerabilities, associated risks and the recommended mitigation actions.