14 Hoosier Banker September 2015 PSP SHOWCASE In the world of technology, 15 years is a long time. For perspective, look back to 2000, the founding year of Infotex, an Indiana Bankers Association Preferred Service Provider for many years. It was a simpler time then – 9/11 had not taken place, corporate account takeovers were unheard of, and Internet banking had not yet caught hold. Dan Hadaway, founding partner of Infotex, credits the company’s relationship with the Indiana banking community for the tech-longevity of Infotex. He recalls, “Joe DeHaven and Laurie Rees of IBA were two people who did think that cybersecurity was important. Thanks to the Association, Infotex has been assisting banks in many areas regarding information technology risk management.” Wellknown to Hoosier bankers, Hadaway oversees the audit and cyberconsulting services of Infotex and is a regular at IBA educational events, for example serving as moderator of the information technology conference* since its inception. He has long been certified in information security. The network monitoring service of Infotex, which has evolved to what is widely known as a SIEM (security information event management) system, has been continually growing in sophistication. Infotex has the ability to help banks: respond to audit and examination findings, achieve maturity in cybersecurity controls and address common examination findings. As Hadaway notes: “Banks which have given the keys of the kingdom to one or two people are being asked by examiners, ‘Who is watching the watchers?’” Infotex clients appreciate the segregation benefits of the firm’s monitoring services. Network administrators understand that event data collected forensically by a third party may be needed to prove non-complicity in cyberbreaches. Meanwhile the user monitoring process solves a tricky exam-finding source called termination processing. “Imagine seeing a report from a third party,” explains Hadaway, “showing not only every asset the terminated employee had access to, but exactly when that access was disabled.” In fact Hadaway calculates that the new cybersecurity assessment tool will put Infotex on the “network monitoring map.” Not only does the firm’s SIEM provide visibility into network event logs coming from servers, domain controllers and other traditional devices, but the company has been importing logs from critical applications such as email, teller systems, mortgage origination applications, mobile and Internet banking applications, etc. This step allows complete visibility into potential issues on a 24x7x365 basis. Because Infotex provides monitoring services, the company is part of the technology service provider examination program of the Federal Financial Institutions Examination Council, putting it regularly on the receiving end of examinations and audits. This understanding of the process assists in providing accurate audit services, risk assessments, IT management practices reviews and Internet banking controls reviews. Bank clients enjoy peace of mind, because Infotex knows what needs to be reviewed to be prepared for any ITrelated examination. Infotex offers around-the-clock monitoring of its SIEM, which at full service includes intrusion prevention and detection, event log management, change detection, Web defacement monitoring and vulnerability management against a security baseline that is established in the deployment (and re-tuning) process. Within the area of audit and assessment services, Infotex offers multiple thirdparty cybersecurity assessments. Additional considerations include social engineering, IT management practices, security procedures in accordance with regulatory About the Author Rod Lasley is vice president-products & services of the Indiana Bankers Association, and also serves as president of the for-profit companies owned by the IBA. He can be reached at 317-387-9380, email: rlasley@indianabankers.org. Infotex: Established Expert in the New Cyberworld
RkJQdWJsaXNoZXIy MTg3NDExNQ==