Today we have another great blog post from our friends over at Credit Union Resources. Idrees Rafiq, Jr., AVP of IT Consulting at CUR, brings us a post about the differences between vulnerability assessment testing and penetration testing when it comes to your IT systems.

Although similar in nature, external vulnerability assessment testing and penetration testing are quite different. Both identify security vulnerabilities on the perimeter of a network that a hacker would be able to use to compromise the credit union’s network. The differences reside in scope, price, and frequency requirements.

When describing the differences to credit unions, I like to use the analogy of testing the security of a physical branch. A vulnerability assessment test (VAT) would be similar to me walking around the branch, pulling on doors, windows, and roof hatches, making sure they are locked and secured. Should the employee entrance/exit door be unlocked, I would report that back to you and let you know that I would be able to break into your credit union via that door.

A penetration test would be similar to me doing the same walk-around; however, I would actually go in through the unlocked door and try to steal confidential information and other assets before setting off any alarms. A penetration test is an ‘ethical hack’ while the VAT simply identifies a vulnerability in a network that a hacker would be able to exploit from the outside (i.e. open ports). Because the vulnerability assessment tests are less intrusive, the price is more palatable for credit unions.

The NCUA recommends credit unions perform VATs anywhere from weekly to quarterly and penetration tests anywhere from annually to bi-annually. The frequency of the tests is determined by several factors, including but not limited to the budget, the size and complexity of the credit union, and the deployment of multi-layered security as identified in the credit union’s information security risk assessment.

Feel free to contact me directly (irafiq@curesources.coop) if you would like help determining if your credit union is taking proper proactive security measures, ensuring you will satisfy examiners, or not wasting money on needless testing!
