R. Kinney Williams - Yennik, Inc.
R. Kinney Williams

 
Yennik, Inc.

FFIEC/GLBA Internal - VISTA Penetration Study
Internal Penetration-Vulnerability Testing
for US banks, savings & loans, and credit unions

artificial intelligence, AI , ai,information security, architecture, infrastructure, and Operations , AIO, virtual IT audit, remote IT audit, IT audits, cybersecurity, cloud computing, cloud, auditing the cloud, vista, penetration, penetration study, internal, intranet, intranet test, internal test, vulnerability internet security test audit, vulnerability test, vulnerability testing, scan, scanning, web site audits, internet web site audits, internet audits, bank, banking, consulting, bank consultants, bank consultant, information systems, information systems audits, is audits, auditing, edp audit, edp audits, web page auditing, web page audits, internet auditing, penetration testing, intrusion audits, internet security, network security, internet compliance, internet compliance audits, it audits, gramm, leach, bliley, gramm leach bliley act, weblinks, weblink, weblinking, risk, risk assessment, social engineering, cloud computing, cloud, auditing the cloud, virtual machines, vmware, vm ware, vulnerability internet security test audits


The internal penetration-vulnerability test meets the independent security testing requirements of the FDIC, OCC, FRB, and NCUA as outlined in the Information Security booklet.  The requirement states in part "High-risk systems should be subject to an independent diagnostic test at least once a year."  Since your core application (customer confidential deposit and loan information) is on the network, your IT operation would be considered "high-risk." 

Our
testing company's service is used today by more than 5,700 organizations in 85 countries, including 51 of the Fortune Global 100 and performs more than 2 billion IP audits per year. It has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognized by leading industry analysts for its market leadership.  In addition, they use artificial intelligence to detect known threats as well as unknown vulnerabilities.

When your financial institution needs an independent internal penetration-vulnerability test of your internal network, which includes virtual machines, the Internal-VISTA penetration test is the answer to your internal security auditing needs. 
Please complete the Internal - VISTA information request form to receive due diligence information about our company, VISTA agreement, and fees.  All communication is kept strictly confidential.

OCC’s “Audit Firm Rotation” letter dated October 12, 2016 states "There is no OCC guidance or directive to examiners that would require or promote the termination of a third-party relationship due to the length of the relationship."  You can find the complete letter at http://www.yennik.com/occ_10-12-16_rotation_letter.pdf.

FDIC in regard to changing your pen-test vendor, the FDIC letter date 11-18-16 states "The FDIC does not require financial institutions we supervise to change penetration testing firms on a periodic basis. Any such decision would be up to bank management." You can find the complete letter at http://www.yennik.com/fdic_10-18-16_rotation_letter.pdf


With the Gramm-Leach-Bliley and the regulator's information technology (IT) security concerns, it is imperative to take a professional auditor's approach to testing your internal connections to the network, which translates into the need to conduct a thorough penetration-vulnerability test of your internal computer operation including virtual machines.

We send you the pre-programmed internal scanner box that you connect to your network like a workstation.  After testing, the scanner box is returned; therefore, you have no hardware or maintenance costs.  Since we control the scanner box programming and testing, we provide the independent testing required by the regulators.  Click to enlarge the scanner box.
 The scanner box connects to the network just like a workstation.

Frequently asked questions about internal penetration-vulnerability testing.
Sample penetration-vulnerability test results used by your IT professionals - IT Project Report

The Gramm-Leach-Bliley Act, information technology best practices, bonding companies, and examiners are  requiring an independent third-party Internal security tests for banks, savings & loans, and credit unions.

We are IS auditors that only work for federally insured deposit institutions, and therefore, we understand the special regulatory requirements and security issues placed on your institutionAs auditors, we perform the vulnerability test of your Internal connection.  

The Internal-VISTA Penetration test provides your institution the independent test of your IT security required by the regulators.  The test is performed by R. Kinney Williams, CFE, CISM, CGEIT, CRISC who is an IT auditor with over 30 years experience auditing  IT departments for financial institutions.  

We have clients in 42 states and have
more than 21 years experience as a former examiner.  R. Kinney Williams is accredited by the Information Systems Audit and Control Association (ISACA) as a Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise IT (CGEIT).  Mr. Williams is also a Certified Financial Examiner (CFE) by  the Society of Financial Examiners (SOFE.)

The penetration-vulnerability test focuses on your network from a internal hacker's perspective to identify vulnerabilities that will allow a hacker to infiltrate and possibly control your computer operation.   

Unlike most of the IT security testing companies, Yennik, Inc. does not sell hardware or software.  We are professional IT auditors.  We are not in competition with your contracted IT professionals.  Many outsourced IT professionals refer our services to their clients because we are an independent IT auditing company that can provide the required independence necessary for penetration-vulnerability testing.

Why should we use the Internal VISTA security testing services instead of another company?

Please complete the Internal - VISTA information request form to receive due diligence information about our company, VISTA agreement, and fees.  All communication is kept strictly confidential.

Frequently asked questions 

FREE weekly Internet Banking News - subscription form
(Every week, over 2,900 subscribers stay current with IT security,
IT regulatory issues, web site compliance, Internet privacy, and Internet security.)


We are associate members of the following organization, which do not endorse associate members.
 
Former member
Texas Independent Bankers Association 
Not IBAT endorsed
    Lubbock Chamber of Commerce  Lubbock Chamber of Commerce Member 
 Member of the Society of Financial Examiners (SOFE),
Association of Credit Union Internal Auditors (ACUIA),
The Institute of Internal Auditors (IIA), and
Information Systems Audit and Control Association (ISACA).