Internal Audit, Consulting, and IT Security Solutions

Network Security Projects


Compass Consulting Group's Network Security engagements include

Premium Network Security and Vulnerability Assessment for a Minnesota community bank

  • Independent Security Testing – Performed remote network security testing for the bank's firewall and email servers. Conducted tests of the bank's dial-in facilities, evaluated information security policies and reviewed the Internet Service Provider contract.

Standard Network Perimeter Controls Review for a Kansas community bank

  • Penetration Testing – Performed independent network security testing from the Internet. Conducted tests of the Bank's dial-in facilities and reviewed information security policies.

Network Security Audits for a Midwest financial services software vendor

  • Internet Banking Network Security Audit – Performed independent external and internal network security testing and vulnerability assessment.
  • Telecommunications Audit – Conducted independent network perimeter controls review and vulnerability assessment of internal network components.
  • Internet Banking Infrastructure Audit – Operating system integrity and security review of primary Internet banking servers.

Network Security Assessment for a large life insurance company

  • Penetration Testing – Performed non-disruptive network security testing from the Internet.
  • Internal Network Review – Evaluated network architecture, firewall administration and ran automated vulnerability assessment on internal servers and workstations.
  • War Dialing – Performed comprehensive software-based tests to detect, identify and penetration-assess dial-in resources.
  • AS/400 Operating System Assessment – Reviewed integrity and security controls for production processors.

Network Security Assessment for a 10,000 student Texas community college

  • Security Policy Review – Performed a review of existing IT security policies & procedures.
  • Penetration Testing – Performed non-disruptive penetration tests of both the College's Intranet and resources available from the Internet. Assessment consisted of an examination of commonly exploitable ports and services on the College's 20 servers. Network topology diagrams, IP addresses, server platforms, and other documentation were not provided until after the completion of our penetration tests.
  • Network Infrastructure – Examined the existing network infrastructure, current subnetting strategy, and reviewed firewall rule base configuration and IP address translation.
  • System Administration and Physical Security – Conducted a review and assessment of current system and network administration practices. Toured the various campus locations and assessed the physical security of servers, networking equipment, wiring closets, etc.
  • Interface with IT and Instructional Staff – Interfaced with both IT and Instructional staff during an on-site visit to assess security awareness, identify possible concerns, and to gain an overall institutional perspective of how informational resources are utilized.
  • Virus/Trojan Protection – Assessed existing anti-virus initiatives at both the server and desktop level.

IT Audit Projects

Compass Consulting Group's Information Technology Audit engagements include

IT audit consulting services for $6 billion regional bank

  • GLBA Privacy Audit – Completed examination procedures to evaluate compliance with regulatory guidelines for safeguarding customer information
  • Program Change Management Audit – Evaluated change management processes and controls for multiple mission critical application platforms
  • ATM Application Audit – Reviewed application controls for the application that supports approximately 200 ATMs
  • Remote Access and Administration Audit – Evaluated technology internal controls for employee and vendor VPN access to bank systems
  • Computer Operations Audit – Assessed internal controls and physical security for production computer processing
  • ATM Switch Conversion Development Audit – Reviewed system development life cycle and project administration controls for ATM system implementation
  • Telecommunications and Data Security – Audit of Windows NT and Novell hybrid security environment including controls over system access and production data access restrictions.
  • Lending Platform Application Audit – Reviewed application controls and interfaces for distributed loan origination and documentation system
  • Customer Relationship Management Application Audit – Evaluated security administration and program change management for user-controlled application
  • Bookkeeping Applications Audit – Application audit of several client-server systems that support back-office operations
  • Developed Audit Tracking Database – Designed and constructed a database management and reporting system to facilitate Internal Audit follow-up

IT audit consulting services for $17 billion multi-state commercial bank

  • Internet Security Follow-up Audit – Conducted follow-up on Internet Security and AIX Operating System IT audits to verify effective completion of management corrective action
  • AS/400 Follow-up Audit – Reviewed management corrective action performed as the result of an AS/400 operating system IT audit.
  • Microsoft Exchange and Windows NT Server Audits – Technical reviews of operating system security and installation configuration settings for production servers
  • OS/390 Audit – Assessed security and integrity of the mainframe system software and operating system environments

Internal audit consulting services for national financial services software vendor

  • Internal Audit Framework and Risk Assessment – Developed board audit committee and department charters, IT audit procedures manual, risk assessment, and annual audit plan
  • Internet Banking Policy Audit – Reviewed policy portfolio for Internet banking service center
  • Follow-up Audit – Followed up on management corrective action from external and internal examinations and audits
  • Internet Banking Network Security Audit – Performed external and internal network scans and vulnerability assessment
  • Internet Banking Primary Server Audit – Operating system integrity and security review of primary Internet banking servers
  • Service Center Acquisition Information Security Due Diligence – Reviewed organizational and technology control health as part of banking service center acquisition due diligence team

Information Security Program Projects

Compass Group Consultants' Information Security Program engagements include

Gramm-Leach-Bliley Compliance Audit for $6 billion regional financial institution

  • GLBA Privacy Audit – Completed examination procedures to evaluate compliance with regulatory guidelines for safeguarding customer information

Risk assessment and corporate treasury system audit for Connecticut global holding company with primary interest in the energy and technology industries

  • Technology risk assessment and infrastructure and application controls evaluation for Corporate Treasury distributed wire transfer system.

Risk assessment evaluation for a Washington DC federal agency

  • Reviewed and Evaluated Risk Assessment activities for a federal agency's distributed disbursement application – Identified and evaluated government and industry IT risk assessment standards and guidelines. Developed threat scenarios for mainframe-based operating system security software, outlined risk areas for UNIX-based Teradata DBMS, and evaluated preventive and detective application control processes to mitigate the risk of unauthorized activity and user fraud.

Network Security Engineering Projects

Compass Group Consultants' Network Security Engineering engagements include

Network Architecture, Firewall Design and Information Security Program Implementation for a Chicago consulting company

  • Engineered Network Security – Designed, configured, tested and implemented network security solutions including firewall build-out, DMZ design, intrusion detection system implementation, incident response procedures, and network redundancy design.