BAI Security - Brochure - IT Security Assessment (Financial)

Accurately validating your security posture and ensuring compliance with best-of-breed tools and industry-leading methodologies.

IT Security Assessment

WHY USE BAI SECURITY?

Exceptional experience in IT, Auditing, and Compliance; in business for nearly two decades.

We only utilize best-in-breed assessment and auditing products; no open-source or freeware tools.

We only utilize seasoned, vetted, and in-house auditors who are routinely tested and retrained.

Our audit depth and accuracy are second to none as confirmed by our clients’ feedback.

The design of our audit deliverables is based on direct feedback from our clients & actual regulators.

The Banking and Finance sector represents 90% of our client base; industry specialization.

The common high-volume low-value approach to IT security assessments may be leaving your organization with a false sense of security. Alternatively, BAI Security offers one of the highest-caliber audits in the industry ensuring an accurate assessment of your security posture.

With today’s security threats against the financial sector at an all-time high, choosing the right audit vendor is a critical business decision.

IT Audit & Compliance Specialists

Assessment Methodology

BAI Security’s Audit Methodology consists of -

Only best-of-breed vulnerability testing tools

No use of freeware or open-source testing tools

Regulatory and best-practice audit standards

Depth of Assessment

Being comprehensive ensures audit accuracy -

The best tools and methodology produce audit depth

Comprehensive coverage of all risk areas

Industry-leading vulnerability depth and accuracy

Best-in-Class Deliverables

Innovative customer and regulator designed reports -

Innovative industry and best-practice comparisons

Executive Reports clearly convey risks and priorities

Reports designed in conjunction with target audience

Dedicated Security Focus

BAI Security is strictly focused on audit and compliance -

Specialization contributes to our top-auditor status

We concentrate our efforts on security and compliance

We remain objective by not providing ancillary services

Contact us for a free consultation. 2401 W. HASSELL ROAD, SUITE 1540, HOFFMAN ESTATES, IL 60169 | 847.410.8180 | WWW.BAISECURITY.NET

The overall Security Audit Methodology utilized in our audit engagements, as developed by BAI Security, employs the key auditing standards of COBIT (Control Objectives for Information and Related Technology) as defined by the Information System Audit and Control Association (ISACA), as well as the widely accepted common compliance standards of GLBA, SOX, HIPAA, PCI, NERC, and others.

SOCIAL ENGINEERING EVALUATIONS

Social engineering has long been one of the most common means for hackers to gain unauthorized access to internal production systems. Unfortunately, in many environments internal users will divulge sensitive information to unauthorized individuals when approached with a cleverly crafted dialog by an outsider to the organization.

BAI Security offers a multitude of non-threatening phone, in-person, and email-based evaluation scenarios to fully evaluate this area of risk.

VULNERABILITY & PENETRATION TESTING

As a core component of any information security audit, BAI Security provides one of the most comprehensive vulnerability and penetration testing services available in the market today. BAI Security is well known for providing a superior level of depth and accuracy with our vulnerability and penetration testing. Depending on the operating system and applications being tested, BAI Security scans for more than 12,000 common and lesser-known vulnerabilities, including missing patches, insecure settings, and risky deviations from best practice.

Audit. Improve. Advance. Refine.

“BAI Security has been our security consultant since 2004. They have worked with our company to ensure we are compliant and secure in areas of our network infrastructure, vulnerability management, best practices and social engineering. The BAI Security team has been professional, interactive with our teams and positively impacting to our growth. We highly recommend them.” [ EXECUTIVE VP OF IT ]

FIREWALL & WIRELESS EVALUATIONS

The Firewall & Wireless Audit options are a vital component to any comprehensive audit and are highly recommended due to the importance of these key devices. Installing a firewall can provide a false sense of security if not properly implemented. Both firewall and wireless devices will be reviewed in detail to ensure proper design, implementation, and administration. BAI Security will not only ensure proper implementation, but adherence to best practices and/or regulatory compliance standards, as well.

ANTIVIRUS PROTECTION EVALUATIONS

With the increased frequency and, more importantly, the growing level of sophistication of malware in the world today, security professionals recognize that malware is a primary method for hackers to gain unauthorized access and cause denial of service to businesses. The Antivirus/malware evaluation will ensure that your antivirus protection is properly implemented, administered, and monitored, as necessary, to protect against security threats that could create a backdoor to corporate systems and/or cause denial-of-service.

NETWORK BEST PRACTICE EVALUATIONS

Unused accounts, active accounts from terminated employees, excessive use of administrative rights, improperly assigned permissions, use of non-standard password expiration and complexity, poor use of security groups, and no monitoring of failed logon attempts are just a few of the key risks identified in this important audit option. The Operating System Security audit takes a detailed look at the design, implementation, administration, and monitoring of core systems to ensure compliance, protection, and business continuance.

If your organization is like the vast majority of your peers in the banking and finance sector, there is a 73% chance you’re operating under a false sense of security. BAI Security recently performed a study that analyzed the results from hundreds of its IT Assessments in the banking and finance sector. The findings stated that 73% of the organizations audited by BAI Security were determined to have serious security risks that went undetected in previous audits, which could have allowed for Denial-of-Service (DoS) or system compromise.

Key facts determined in the study:

Organizations that fell into the 73% group noted above had major deficiencies in their vulnerability audit findings with previous vendors.

Switching to BAI Security for their IT Assessment revealed a significant amount of previously undetected security risks in their core operating system and/or their primary applications.