FAQ
What is ISO 27001?
Answer: ISO 27001 is a published and accepted standard that is meant to act as a model for implementing, operating, monitoring, reviewing, maintaining, and improving Information Security Management Systems. This impacts credit unions in a positive way because guiding security actions with ISO 27001 as a framework of reference will allow you to capture all of the needs for legislative security compliance. Peritus models its audit and assessment methodologies around ISO 27001 and is thus able to satisfy many requirements mandated by multiple compliance acts.

What if I am not in compliance?
Answer: If you are not in compliance, penalties and even imprisonment can result. Of course, it all depends on which act you are not in compliance with, but as a good example, GLBA stipulates that a credit union can be fined ten thousand dollars for each instance of non-compliance and officers can be imprisoned. However, the road to satisfying legislative requirements begins with due diligence, and getting started on building sound information security is relatively simple.

What qualifies Peritus to be my partner in this?
Answer: The Peritus team consists of individuals who have many years of experience in information security and technology. Our staff is capable of understanding diverse customer needs because we have worked closely with all types of customers. Whether the organization is small, medium, or large, Peritus tailors the approach to information security using sound industry principles. Our staff credentials include team members with the Certified Information Systems Auditor (CISA) designation, as well as Master's Degrees in Information Assurance (MSIA) from universities accredited by the National Security Agency (NSA). Peritus employees also hold many vendor certifications, such as the Microsoft Certified Systems Engineer (MCSE) and the Cisco Certified Network Engineer (CCNE), to name just a few. Keeping up to date with industry standards allows Peritus to understand today's technologies and security requirements on both a strategic and tactical level.

What is the difference between an assessment and an audit?
Answer: For clarification under ISACA and IFPA standards: the Audit is a formal process performed by a qualified independent auditor. The audit generates a report viewed to represent a high assurance of truth. Audits are used in assessed reporting engagements. Assessments are less formal and frequently more cooperative with the people/objects under scrutiny. The assessment report is viewed to have lower value (moderate to low value) when compared to an Audit. Assessments can include both outsiders' assessments and internal self-assessments. The true value of the assessment is to create a sense of ownership by the user. Assessments are excellent vehicles for training and awareness. The goal of an assessment is to help the user/staff work towards improving their score. However, the audit is the score that actually counts for regulatory compliance purposes. Remember the basic control requirement is to separate the "worker" from the person providing "authorization" (separation of duties). Assessments are considered biased since the separation is not as clean as it would be under a formal independent audit.

- David Cannon, Author of the CISA Study Guide
