Information Technology Audit

Identify Weaknesses in IT Controls

To continually improve your IT security posture, it’s important to regularly audit the internal controls you have in place. Independent testing of the design and effectiveness of your controls will help mitigate internal and external IT security risks and vulnerabilities.

When you partner with Tyler, we will identify control weaknesses and security vulnerabilities within the deployment, management, operation, and utilization of your network and information systems. Our audit work plan is designed to be flexible and may be adjusted based on your organization’s IT risk assessment, related IT policies, examiner comments, and/or discussions with management. At a minimum, the IT Audit will include your organization’s network, hosts, core application, and related systems.

Your Tyler Cybersecurity Advisor provides recommendations to assist management in remediating any identified IT control deficiencies and help your organization strengthen its security posture.

Our Methodology

This engagement takes into consideration key aspects of IT audits outlined by regulatory guidelines and as updated by regulatory agencies. Our process incorporates:

  • Interviews and observations
  • Tracing documents to management policies
  • Review of electronic data management practices
  • Review of documents and tracing data to source documents

The Audit categories reviewed are as follows:

  • Information Security Governance (e.g. – risk management, governance, policies)
  • Access Control (e.g. – remote access, account management, logging)
  • Security Operations (e.g. – vulnerability management, patching, change management)
  • Physical Security (e.g. – datacenter, data destruction)
  • Personnel Security (e.g. – training, background checks)
  • Network Security (e.g. – firewall, wireless connectivity, network architecture)
  • Incident Response (e.g. – incident reporting, notification, testing)
  • Business Continuity / Disaster Recovery (e.g. – impact analysis, training and testing)

Reports and Deliverables

The report is delivered in an interactive, dynamic HTML format enabling you to sort findings by category results or by severity. It includes a description of the work performed, any inherent limitations, and detailed findings and recommendations. A summary of the findings is presented in an Executive Report and a corresponding interactive report provides the details for each of the controls and findings.

We classify our recommendations by level of importance considering the type and severity of IT risk. Some recommendations may be policy or procedural in nature, while others will be enhancements proposed to your technical environment. All such recommendations will be drafted, reviewed with your management team and then finalized into a report to the organization. This review process will ensure that our team has a full understanding of all the appropriate facts and circumstances at the institution.

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that complement and reinforce one another.
