The document describes the security assessment and auditing services provided by BAI Security. It outlines their assessment methodology, which employs standards like COBIT and complies with regulations. It also details the types of evaluations performed, including vulnerability testing, social engineering, firewall/wireless reviews, antivirus protection and network best practices. The conclusion cites a BAI Security study that found 73% of banking/finance clients had serious undetected security risks prior to engaging them.
Accurately validate security posture with industry-leading audit
Accurately validating your security posture and ensuring compliance
with best-of-breed tools and industry-leading methodologies.
IT Security Assessment
WHY USE BAI SECURITY?
Exceptional experience in IT,
Auditing, and Compliance; in
business for nearly two decades.
We only utilize best-in-breed
assessment and auditing
products; no open-source or
freeware tools.
We only utilize seasoned,
vetted, and in-house auditors
who are routinely tested and
retrained.
Our audit depth and accuracy are
second to none as confirmed by
our clients’ feedback.
The design of our audit
deliverables is based on direct
feedback from our clients &
actual regulators.
The Banking and Finance sector
represents 90% of our client
base; industry specialization.
The common high-volume low-value approach to IT security assessments
may be leaving your organization with a false sense of security.
Alternatively, BAI Security offers one of the highest-caliber audits in the
industry ensuring an accurate assessment of your security posture.
With today’s security threats against the financial sector at an
all-time high, choosing the right audit vendor is a critical
business decision.
IT Audit & Compliance Specialists
Assessment Methodology
BAI Security’s Audit Methodology consists of -
Only best-of-breed vulnerability testing tools
No use of freeware or open-source testing tools
Regulatory and best-practice audit standards
Depth of Assessment
Being comprehensive ensures audit accuracy -
The best tools and methodology produce audit depth
Comprehensive coverage of all risk areas
Industry-leading vulnerability depth and accuracy
Best-in-Class Deliverables
Innovative customer and regulator designed reports -
Innovative industry and best-practice comparisons
Executive Reports clearly convey risks and priorities
Reports designed in conjunction with target audience
Dedicated Security Focus
BAI Security is strictly focused on audit and compliance -
Specialization contributes to our top-auditor status
We concentrate our efforts on security and compliance
We remain objective by not providing ancillary services
Contact us for a free consultation.
2401 W. HASSELL ROAD, SUITE 1540, HOFFMAN ESTATES, IL 60169 | 847.410.8180 | WWW.BAISECURITY.NET
The overall Security Audit Methodology utilized in our audit engagements, as developed by BAI Security,
employs the key auditing standards of COBIT (Control Objectives for Information and Related
Technology) as defined by the Information System Audit and Control Association (ISACA), as well as the
widely accepted common compliance standards of GLBA, SOX, HIPAA, PCI, NERC, and others.
SOCIAL ENGINEERING EVALUATIONS
Social engineering has long been one of the most
common means for hackers to gain unauthorized
access to internal production systems.
Unfortunately, in many environments internal users
will divulge sensitive information to unauthorized
individuals when approached with a cleverly
crafted dialog by an outsider to the organization.
BAI Security offers a multitude of non-threatening
phone, in-person, and email-based evaluation
scenarios to fully evaluate this area of risk.
VULNERABILITY & PENETRATION TESTING
As a core component of any information security
audit, BAI Security provides one of the most
comprehensive vulnerability and penetration testing
services available in the market today. BAI
Security is well known for providing a superior
level of depth and accuracy with our vulnerability
and penetration testing. Depending on the
operating system and applications being tested,
BAI Security scans for more than 12,000 common
and lesser-known vulnerabilities, including missing
patches, insecure settings, and risky deviations
from best practice.
Audit. Improve. Advance. Refine.
“BAI Security has been our security consultant
since 2004. They have worked with our company to
ensure we are compliant and secure in areas of our
network infrastructure, vulnerability management,
best practices and social engineering. The BAI
Security team has been professional, interactive
with our teams and positively impacting to our
growth. We highly recommend
them.” [ EXECUTIVE VP OF IT ]
FIREWALL & WIRELESS EVALUATIONS
The Firewall & Wireless Audit options are a vital
component to any comprehensive audit and are
highly recommended due to the importance of these
key devices. Installing a firewall can provide a
false sense of security if not properly implemented.
Both firewall and wireless devices will be reviewed
in detail to ensure proper design, implementation,
and administration. BAI Security will not only
ensure proper implementation, but adherence to
best practices and/or regulatory compliance
standards, as well.
ANTIVIRUS PROTECTION EVALUATIONS
With the increased frequency and more importantly,
the growing level of sophistication of malware in
the world today, security professionals recognize
that malware is a primary method for hackers to
gain unauthorized access and cause denial of
service to businesses. The Antivirus/malware
evaluation will ensure that your antivirus protection
is properly implemented, administered, and
monitored, as necessary, to protect against security
threats that could create a backdoor to corporate
systems and/or cause denial-of-service.
NETWORK BEST PRACTICE EVALUATIONS
Unused accounts, active accounts from terminated
employees, excessive use of administrative rights,
improperly assigned permissions, use of
non-standard password expiration and complexity, poor
use of security groups, and no monitoring of failed
logon attempts are just a few of the key risks
identified in this important audit option. The
Operating System Security audit takes a detailed
look at the design, implementation, administration,
and monitoring of core systems to ensure
compliance, protection, and business continuance.
If your organization is like the vast majority of your
peers in the banking and finance sector, there is a
73% chance you’re operating under
a false sense of security.
BAI Security recently performed a study that analyzed
the results from hundreds of their IT Assessments in the
banking and finance sector. The findings stated that
73% of the organizations audited by BAI Security were
determined to have serious security risks that went
undetected in previous audits, which could have allowed
for Denial-of-Service (DoS) or system compromise.
Key facts determined in the study:
Organizations that fell into the 73% group noted above
had major deficiencies in their vulnerability audit
findings with previous vendors.
Switching to BAI Security for their IT Assessment
revealed a significant number of previously undetected
security risks in their core operating system and/or
their primary applications.