Superior Consulting, LLC - Services - Information Technology

Regulatory Compliance
Information Technology
Specialty Services

Legacy Bank and Trust has benefited greatly from its relationship with Superior Consulting. Their staff is experienced and well qualified. We have found that once we have completed an audit from Superior, we are more than ready for an examination from our regulators. Superior has helped us identify and correct weaknesses in our systems and policies before an examination. Our examinations have been cleaner and quicker over the years since we have been their client and we anticipate using them for years to come.
John Everett CEO - Legacy Bank and Trust
Rogersville, MO

Year after year, Superior Consulting, LLC continues to guide us in enhancing and strengthening our BSA and IT programs in the ever changing world of banking. They provide in-depth reviews with excellence recommendations which aide us in all of our regulatory compliance obligations. Superior’s knowledgeable consultants are always willing and available to answer any questions we might have even after reviews are completed.
Grace Eisenhour Operations, Compliance - First National Bank
Hays, KS


	Information Technology Services Offered Include the Following: All reviews are customizable to the audit scope established by your organization. Please contact us to further discuss our services. Penetration Testing A penetration test reviews the ability of unauthorized individuals to gain access to IT systems from outside your organization. This test generally consists of a scan of the bank’s external network interface, as well as a review of the bank’s public internet protocol (IP) space and review of any open external ports. Vulnerability Assessment A vulnerability assessment tests your IT systems for weaknesses to known vulnerabilities that are utilized by unauthorized individuals to gain access to your IT systems. A vulnerability assessment is essentially an internal scan of network devices designed to determine the presence and nature of any noted vulnerabilities and weaknesses. IT Technical Assessment The technical assessment is the flagship service within Superior’s lineup of technical service offerings. This in-depth, comprehensive evaluation includes penetration testing, vulnerability assessment, and reviews of additional key technology deployments within your environment against industry standards and organizational policy. The areas reviewed within this service offering include, but are not limited to, the following: Operating system policies and security settings; Firewall configuration; Anti-virus and anti-spyware configuration; Intrusion Detection/Prevention System configuration; Password standards & strength Network architecture and deployment standards; Logging policies and review procedures; Back-up methodologies; Physical access controls; Website and web server configuration. Social Engineering Social engineering is defined as the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques. Our social engineering services are designed to test the adequacy of your institution’s training and awareness programs in relation to the prevention of these compromises. These services can be tailored to meet the exact needs of each client and may consist of telephone, e-mail, or physical social engineering exercises. IT Control Review The control review is designed to assess operational IT areas for compliance with outstanding regulatory guidance, organizational policies, and industry best practices. The areas encompassed by this review include, but are not limited to, the following: Audit Management Business Continuity Planning Incident Response Vendor Management Wire Transfers ACH Activities Electronic Banking User Access Controls Gramm-Leach-Bliley Act (GLBA) Review The GLBA review is a focused assessment of your institution’s compliance with the banking industry’s most significant information security legislation: the Gramm-Leach-Bliley Act of 1999. The GLBA prompted the establishment of regulatory requirements for an information security program and risk assessment and is considered a foundational element for regulatory guidance issued by various agencies, as well as the FFIEC, in regard to effective IT risk management. This review is generally completed as a component of our IT Control Review and provides an evaluation of the status of a bank’s GLBA compliance program. Policy Development *Information Security Program (ISP) and Risk Assessment (RA)* In response to the extensive demands of the GLBA, Superior Consulting began the development of a template program for creation of a comprehensive ISP and RA. Since beginning the development of our ISP and RA templates in 2004, we have provided our program to over 100 institutions throughout the Midwest. We have also striven to constantly update this program in response to new regulations, revised examiner “hot-buttons”, and changes within the technology environment, which has resulted in over thirty versions of our ISP program since its inception. Sample Excerpts from our ISP Program Template: *Other Policies* In addition to the development of the ISP and RA, Superior Consulting has also developed the following policy templates to meet the IT governance needs of our client institutions: Business Continuity Plan; Business Impact Analysis; Identity Theft Policy Electronic Banking Policy Wire Transfer Policy Automated Clearing House (ACH) Policy Audit Policy Pandemic Preparedness Plan Unlawful Internet Gambling Enforcement Act (UIGEA) Policy Other IT Consulting Services In addition to the review and policy development services discussed above, we also offer the following consulting services: Network Architecture and Efficiency Studies & Evaluations 3^rd Party Due Diligence Reviews Service Provider Evaluations IT Staffing Assessments Review of New Technology Deployments