Solutions Designed for the Financial Industry


Penetration Testing

In a penetration test, HEIT’s experts use our security testing systems, which combine commercial, in-house, and open-source tools, to prove the existence of certain vulnerabilities on your critical financial systems from an external and/or internal vantage point.

During the penetration test, we attempt to uncover and exploit vulnerable systems in order to prove that, via a known or unknown vulnerability, an attacker could obtain sensitive information about a system and/or company data. Unlike other Vulnerability Assessments, which only identify the existence of known vulnerabilities, penetration tests actually attempt to exploit vulnerabilities, both known and unknown, and provide real-world evidence of what attackers could do. These tests are useful as validation of your current security controls, bring security awareness to the forefront, and can serve as a learning tool for your staff and executive team.

Penetration Test Methodology

Identify (also see Vulnerability Assessment)

This consists of gathering and documenting as much public information as possible to identify vulnerabilities. This is conducted through a series of scans, research, reverse engineering, and social engineering.

Confirm

This is the actual Penetration Test portion. Based on the information about vulnerable targets discovered in the Identification phase, HEIT will investigate these targets further. If requested, HEIT can then attempt to exploit any weakness and provide evidence of any successful exploitation.

Report

Upon completion of the Confirmation phase, HEIT will provide a detailed report of the findings that includes the following:

  • Executive Summary – This report will summarize the findings, the business risks associated, and recommendations that can be presented to the board.
  • Summary of Findings – This explains our process and methodology as well as a summary of medium and high level risks. This document is typically used by senior management and IT staff as a roadmap for the various changes that may need to be made. This is typically the document that would be provided to an audit team and examiners.
  • Detailed Findings – A list of all of the risks and vulnerabilities that were found and our recommendations for mitigating these risks. It explains the risk, the consequences, and the technical solution for resolving the vulnerability. This document is typically used by the bank’s technical staff or technology partner.
  • Closing Meeting – A closing meeting will be scheduled to review all of the reports and discuss remediation recommendations.

Mitigate

HEIT will then be available, upon request, to assist in creating a remediation action plan and in carrying out the required steps of this plan. If necessary, HEIT can re-run the Identification and Confirmation phases to confirm that the remediations were effective.

© 2002-2008 HEIT, Inc.