R. Kinney Williams - Yennik, Inc.
R. Kinney Williams

Yennik, Inc.

External - VISTA Penetration Study
External Penetration-Vulnerability Testing
for US banks, savings & loans, credit unions, and their customers

cybersecurity, cloud computing, cloud, auditing the cloud, vista, penetration, penetration study, internal, intranet, intranet test, internal test, vulnerability internet security test audit, vulnerability test, vulnerability testing, scan, scanning, web site audits, internet web site audits, internet audits, bank, banking, consulting, bank consultants, bank consultant, information systems, information systems audits, is audits, auditing, edp audit, edp audits, web page auditing, web page audits, internet auditing, penetration testing, intrusion audits, internet security, network security, internet compliance, internet compliance audits, it audits, gramm, leach, bliley, gramm leach bliley act, weblinks, weblink, weblinking, risk, risk assessment, social engineering, cloud computing, cloud, auditing the cloud, virtual machines, vmware, vm ware, vulnerability internet security test audits


Yennik, Inc. is an independent information systems auditing company that only works only for federally insured deposit institutions; and therefore, we understand the special regulatory requirements and security issues placed on your institutionAs IT auditors, we will perform and supervise the penetration-vulnerability study of your external-Internet connection for over 5,000 known vulnerabilities with 25 new vulnerabilities added each week.  Your regulators require an independent penetration-vulnerability test for any financial institution that connects the Internet to the network. 

Please complete the External - VISTA information request form to receive due diligence information about our company, VISTA agreement, and fees.  All communication is kept strictly confidential.

FYI - The FDIC, NCUA, and the OCC do not have a requirement that financial institutions change penetration testing firms on a periodic basis. Any such decision would be up to bank management.  Refer to http://www.yennik.com/fdic_10-18-16_rotation_letter.pdf http://www.yennik.com/ncua_12-21-16_rotation_letter.pdf, and at http://www.yennik.com/occ_10-12-16_rotation_letter.pdf.

The VISTA focuses on a hacker's perspective, which will help you identify real-world weaknesses. 

The penetration-vulnerability test (VISTA) meets the independent diagnostic test requirements of the FDIC, OCC, FRB, and NCUA as outlined in the FFIEC Information Security booklet.  The requirement states in part "High-risk systems should be subject to an independent diagnostic test at least once a year."  If your institution is connected to the Internet, you have a "high-risk" system because the world is connected to your network.  The VISTA penetration study and Internet security test is much more sophisticated than just port scanning.

Our testing company (Qualys*) uses the same ranking of vulnerabilities required by the Payment Card Industry, including MasterCard and Visa, require banks, merchants and Member Service Providers (MSPs) to protect cardholder information by adhering to a set of security standards.  The Payment Card Industry security standard (PCI) includes MasterCard's Site Data Protection (SDP) program and Visa's Cardholder Information Security Program (CISP).

The "Vulnerability KnowledgeBase" used to conduct your penetration-vulnerability study
is the largest and most up-to-date in the Internet security industry.  Vulnerability research today requires daily tracking of the latest threats and remedies as they change in real-time.  From this research, an average of 25 vulnerabilities are added each week to the "Vulnerability KnowledgeBase."

The Vulnerability Internet Security Test Audit (VISTA) provides a penetration study for the known vulnerabilities on over 65,000 ports.  The VISTA provides your institution the independent penetration-vulnerability test of your Internet connection required by the regulators, which is performed by an IT auditor with 34 years experience auditing  IT departments for financial institutions.  

The Gramm-Leach-Bliley Act, information technology best practices, bonding companies, and examiners are  requiring an independent third-party Internet security testing for banks, savings & loans, and credit unions.

What is an external penetration-vulnerability test? - Frequently Asked Questions 
Sample penetration-vulnerability test results used by your IT professionals - IT Project Report
Why should we use the VISTA security testing services instead of another company?

We have clients in 43 states and have more than 21 years experience as a former examiner.  R. Kinney Williams is accredited by the Information Systems Audit and Control Association (ISACA) as a Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise IT (CGEIT).  Mr. Williams is also a Certified Financial Examiner (CFE) by  the Society of Financial Examiners (SOFE.)

From an auditor's perspective, R. Kinney Williams personally reviews the VISTA results and issues an audit letter to your Board certifying the results.  The test results indicate the severity of the possible vulnerabilities as "Minimal" up to "Urgent" so your network administrator will know which vulnerabilities need immediate attention.  Review the VISTA Phases and see how VISTA will work for your institution.  VISTA is affordable and there is never a charge if you are not completely satisfied with our service.  

Unlike most penetration testing companies, R. Kinney Williams & Associates does not sell hardware or software.  We are professional IT auditors and not in competition with your contracted IT professionals.  Many IT professionals across the nation refer our audit services to their clients because R. Kinney Williams & Associates is an independent IT auditing company that provides the required independence necessary for your penetration-vulnerability testing.

Please complete the External - VISTA information request form to receive due diligence information about our company, VISTA agreement, and fees.  All communication is kept strictly confidential.

* The testing company's service is used today by more than 5,700 organizations in 85 countries, including 51 of the Fortune Global 100 and performs more than 500 million IP audits per year. It has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognized by leading industry analysts for its market leadership.

In addition, the testing cvompany's  PCI is the leading PCI compliance solution used by 68% of all ASVs and 46 percent of Qualified Security Assessors (QSAs) to help merchants with PCI DSS certification and validation

Our on demand approach to IT security and compliance enables organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively, while reducing costs and streamlining operations. This has been accomplished by using an innovative Software as a Service (SaaS) approach since 1999.

FREE Weekly Internet Banking News Subscription
(The Internet Banking News covers IS security, consumer compliance on web sites,
Internet privacy, and Internet security, and is read by over 2,900 subscribers each week.)

We are associate members of the following organization, which do not endorse associate members.
 Former member 
Texas Independent Bankers Association
Not IBAT endorsed
    Lubbock Chamber of Commerce  Lubbock Chamber of Commerce Member 


Member of the Society of Financial Examiners (SOFE),
Association of Credit Union Internal Auditors (ACUIA),
The Institute of Internal Auditors (IIA), and
Information Systems Audit and Control Association (ISACA).


Company Information
Yennik, Inc.
4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119

Please visit our other auditing sites:
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA US Banks on the Internet  
US Credit Unions on the Internet
Penetration-Vulnerability Testing

 All rights reserved; Our logo Yennik, Inc. is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated

We are Americans and will never be defeated.