Security Assessments, Risk Assessments, IT Security Audits, Penetration Testing, Social Engineering, Application Testing, Information Security Policy Development & Review, Information Security Employee Awareness Training, Risk Management Software, IT Security Compliance Software, IT Audit Software
TraceSecurity is a leading provider of IT security compliance, risk, and audit management solutions. A CUNA Strategic Services partner since 2006, the company helps credit unions small and large achieve, maintain and demonstrate IT security compliance, while significantly improving their security posture. TraceSecurity delivers its solutions to credit unions through an integrated Software-as-a-Service (SaaS) platform backed by expert professional services.
Credit unions receive a 2.5% discount off of retail pricing through the CUNA Strategic Services partnership. Navigating IT security compliance standards is a complicated, ever-changing landscape for most credit unions. Having a knowledgeable partner like TraceSecurity means that your credit union’s IT staff has a go-to resource to assist them in anticipating, interpreting and responding to requirements. IT security is so important to every credit union’s reputation and to the safety of members. Credit unions have peace of mind knowing that they have a strong, integrated program in place to protect their interests.
TraceSecurity offers a comprehensive group of solutions, which is important when selecting an IT security provider. Because a credit union’s IT security systems are inter-dependent (or should be!) it is helpful to have a trusted partner that can see the whole picture and takes ownership of more than one little slice. Choosing a single, experienced source like TraceSecurity for IT security compliance, risk, and audit management solutions, provides an effective, orchestrated, dependable end-to-end solution.
Comprehensive Security Assessments: FFIEC and NCUA IT security compliance regulations and guidelines require that a credit union have vulnerability/security assessments performed by an independent third party. The TraceSecurity Comprehensive Security Assessment was designed specifically to meet these regulatory requirements and address the needs of credit unions of all sizes.
Risk Assessments: FFIEC and NCUA IT security compliance regulations and guidelines require a credit union to conduct a risk assessment. TraceSecurity’s Risk Assessment follows methodologies designed to meet regulatory requirements and best practice guidelines based on international standards. The risk assessment process is captured and managed through TraceSecurity’s RiskManager software that automates the process and provides a foundation for future risk assessments.
IT Security Audits: FFIEC and NCUA IT security compliance regulations and guidelines require a credit union to conduct independent audits of their information security program. An IT security audit will compare the credit union’s current security controls to established standards. The TraceSecurity IT Security Audit process will help the credit union evaluate the utility of and adherence to its information security policy controls. The entire audit process is managed through the TraceSecurity IT Audit Manager, automating the process and providing a foundation for future IT security audits.
Penetration Testing: Best practices state that each credit union should perform an external and internal penetration test, in addition to regular security assessments, in order to ensure the security of their external and internal networks. Penetration tests differ from a vulnerability assessment in that they actually exploit the vulnerabilities to determine what information is exposed. A penetration test mimics the actions of an actual attacker exploiting weaknesses in the network security without the usual dangers. These tests examine IT systems for any weakness that could be used by an attacker to disrupt the confidentiality, availability, or integrity of the network, thereby allowing the credit union to address each weakness.
Social Engineering: Failure of employees to follow the security policies and procedures of the credit union is a major vulnerability to an information security program. Social engineering testing is the best way for a credit union to test whether its employees are following its policies and procedures. TraceSecurity experts will attempt to persuade a credit union’s employees to allow them unauthorized access to confidential information. When TraceSecurity performs this test, the credit union can identify failure points and train staff in order to prevent an actual breach. TraceSecurity has designed techniques that can be performed both onsite and remotely.
Application Testing: Web applications have become common targets for hackers, because they often contain application layer vulnerabilities. Hackers can leverage a relatively simple vulnerability to gain access to confidential information such as credit card data and social security numbers. TraceSecurity’s web application testing methodology is almost entirely manual – rather than using automated scanners – to ensure credit union applications are secure.
Information Security Policy Development & Review: FFIEC and NCUA IT security compliance regulations and guidelines require a credit union to create a written information security program, including policies and procedures, designed to protect confidential information, including Non-Public Personal Information (NPPI). Incorporating these policies and procedures requires an in-depth level of security compliance expertise, with the potential to significantly impact credit union staff resources. TraceSecurity offers policy review and development services that assess a credit union’s existing information security policies to determine compliance with relevant regulations.
Information Security Employee Awareness Training: Failure of employees to implement security practices is a major vulnerability to a credit union’s information security program. This is why IT security guidelines require credit unions to train employees on security policies and procedures. You can rely on TraceSecurity’s experts to provide security training to your employees. While this training includes IT security best practices, it is also customizable to include the credit union’s specific IT security policies and procedures and results of recently performed assessments or social engineering engagements.
Risk Management Software: TraceSecurity has developed its Risk Manager solution to automate the risk assessment process, enabling a credit union to efficiently perform its own, on-demand risk assessment in a cost-effective manner. Risk Manager is a SaaS solution that eliminates the need to install or maintain the software on the credit union’s network. Risk Manager provides a seamless transition from the TraceSecurity Risk Assessment to an in-house managed risk assessment program.
IT Security Compliance Management Software: Because of the constantly changing credit union environment (new vulnerabilities, new employees, new/modified regulations), it is necessary for credit unions to continuously assess their information security program. TraceCompliance Manager is a centralized, on-demand, web-based, modular solution that facilitates a continuous information security program. TraceSecurity Compliance Manager is a SaaS solution that eliminates the need to install or maintain the software on the credit union’s network. TraceCompliance Manager provides a seamless transition from the security assessment to an in-house self-assessment program.
IT Audit Software: TraceSecurity has developed its IT Audit Manager solution to automate the IT security audit process, enabling a credit union to efficiently perform its own on-demand IT security audit in a cost-effective manner. IT Audit Manager is a SaaS solution that eliminates the need to install or maintain the software on the credit union’s network. IT Audit Manager provides a seamless transition from the TraceSecurity IT Security Audit to an in-house managed IT audit program. IT Audit Manager is included with TraceSecurity’s comprehensive IT security audit solutions. TraceSecurity also provides service-only options and IT Audit Manager as a standalone offering.