TraceSecurity is a leading provider of IT security compliance, risk, and audit management solutions. A CUNA Strategic Services partner since 2006, the company helps credit unions small and large achieve, maintain and demonstrate IT security compliance, while significantly improving their security posture. TraceSecurity delivers its solutions to credit unions through an integrated Software-as-a-Service (SaaS) platform backed by expert professional services.
Credit unions receive a 2.5% discount off of retail pricing through the CUNA Strategic Services partnership. Navigating IT security compliance standards is a complicated, ever-changing landscape for most credit unions. Having a knowledgeable partner like TraceSecurity means that your credit union’s IT staff has a go-to resource to assist them in anticipating, interpreting and responding to requirements. IT security is so important to every credit union’s reputation and to the safety of members. Credit unions have peace of mind knowing that they have a strong, integrated program in place to protect their interests.
TraceSecurity offers a comprehensive group of solutions, which is important when selecting an IT security provider. Because a credit union’s IT security systems are inter-dependent (or should be!) it is helpful to have a trusted partner that can see the whole picture and takes ownership of more than one little slice. Choosing a single, experienced source like TraceSecurity for IT security compliance, risk, and audit management solutions, provides an effective, orchestrated, dependable end-to-end solution.
TraceCSO: This comprehensive software solution transforms complex IT GRC (Governance, Risk and Compliance) into an easy-to-manage business application. TraceCSO puts enterprise-class IT GRC management within the reach of all credit unions — especially small and medium-sized institutions that may not have the benefit of a chief security officer or IT security team. With TraceCSO, credit unions are able to internally implement and manage a complete, ongoing information security program. From risk assessment to audit management and compliance reporting, TraceCSO provides built-in best practices, security expertise and regulatory change management.
Security Assessments: FFIEC and NCUA IT security compliance regulations and guidelines require credit unions to have vulnerability/security assessments performed by an independent third party. TraceSecurity’s Security Assessment was designed to meet these regulatory requirements and address the needs of credit unions.
Risk Assessments: FFIEC and NCUA IT security compliance regulations and guidelines require credit unions to conduct risk assessments. TraceSecurity’s Risk Assessment follows methodologies designed to meet regulatory requirements and best practice guidelines based on international standards. The risk assessment is delivered through software that automates the process and provides a foundation for future risk assessments.
IT Security Audits: FFIEC and NCUA IT security compliance regulations and guidelines require credit unions to conduct independent audits of their information security. An IT security audit will compare the credit union’s current security controls to established standards. TraceSecurity’s IT Security Audit process will help the credit union evaluate the utility of and adherence to its information security policy controls. The entire audit process is delivered through software that automates the process and provides a foundation for future IT security audits.
Penetration Testing: To ensure the security of external and internal networks, best practices state that each credit union should perform an external and internal penetration test in addition to its regular security assessments. Penetration tests differ from a vulnerability assessment in that they actually exploit vulnerabilities to determine what information is exposed. A penetration test will mimic the actions of an actual attacker and examine the credit union’s IT systems for weakness that could be used by an attacker to disrupt the confidentiality, availability, or integrity of the network.
Social Engineering: A major vulnerability to information security is the failure of employees to follow security policies and procedures. Social engineering testing is the best way for a credit union to discover whether employees are following policies and procedures. TraceSecurity experts will attempt to persuade credit union employees to allow them unauthorized access to confidential information. When TraceSecurity performs this test, the credit union can identify failure points and train staff to prevent an actual breach. TraceSecurity has designed techniques that can be performed both onsite and remotely.
Application Testing: Because web applications often contain application-layer vulnerabilities, they have become common targets for hackers. Hackers can leverage a relatively simple vulnerability to gain access to confidential information such as credit card data and social security numbers. TraceSecurity’s web application testing methodology is almost entirely manual — rather than using automated scanners — to ensure credit union applications are secure.
Information Security Policy Development and Review: FFIEC and NCUA IT security compliance regulations and guidelines require a credit union to create a written information security program, including policies and procedures, designed to protect confidential information, including Non-Public Personal Information (NPPI). Incorporating these policies and procedures requires an in-depth level of security compliance expertise, with the potential to significantly impact credit union staff resources. TraceSecurity offers policy review and development services that assess a credit union’s existing information security policies to determine compliance with relevant regulations.
Information Security Employee Awareness Training: The failure of employees to implement security practices is a major vulnerability to a credit union’s information security. This is why IT security guidelines require credit unions to train employees on security policies and procedures. You can rely on TraceSecurity’s experts to provide security training to your employees. While this training includes IT security best practices, it is also customizable to include the credit union’s specific IT security policies and procedures and results of recently performed assessments or social engineering engagements.
Wireless Assessment: Wireless networks require close monitoring and periodic assessments to mitigate exposure to security threats. TraceSecurity offers an onsite wireless security assessment and penetration test that gives your organization a detailed look at the risk of your wireless network.