Information Security Management

Cornerstone assesses your Information Security Program Assessment to provide your organization with insight as to its overall effectiveness.


Cornerstone Advisors’ financial organization Information Security Assessment procedures are not only based on the extensive FFIEC guidelines; we actually take those FFIEC guidelines and adopt the ones that are truly relevant to how you do business and how you have implemented your computing infrastructure.

Those guidelines are supplemented with procedures based on other internationally recognized external standards such as COBIT, PCI-DSS, ISO17799-2005 and our experience in the field.

Cornerstone Advisors will:

      • Identify and document threats to the security, integrity, accessibility, and confidentiality of the bank’s information systems, both electronic and non-electronic
      • Establish appropriate security policies and procedures to mitigate the risks of such threats
      • Include appropriate security monitoring and incident response processes
      • Evaluate the risks of using third-party vendors for information processing

Cornerstone Advisors report of the assessment will:

      • Document the current condition of the bank’s compliance with the Gramm-Leach-Bliley Act and related regulations
      • Identify threats to the security of electronic and non-electronic information systems and those steps the bank has taken to mitigate the occurrence of these threats and exposure to them
      • Include a risk matrix that documents information security systems, risks, threats, exposures and administrative, technical and physical security controls.
      • Include recommend actions the bank can take to address information system security weaknesses
      • In addition, we will provide security policy templates and other information, as appropriate, to ensure the banks information security policies meet regulatory requirements.