Ideas in Motion: Anthony Munns Assesses Risk and Rewards
By Scott H. Cytron, ABC, and Bryan Cytron
It’s a pressure-packed meeting and the business executives are worried. With the daily newspapers and talk shows full of news on yet another security breach and identity theft incident, the higher-ups are trying to figure out how to protect their data and systems. More importantly, they want to ensure their technology and supporting information provides the necessary and much-needed peace of mind they must have for their customers and themselves.
As the group surmises its present processes won’t get the job done, they realize they need help. That’s where Anthony J. Munns, CISA, CIRM, CPIM, comes in.
Munns is head of the Risk Management Services practice for Brown Smith Wallace, LLC in St. Louis, Mo., where he performs IT audit, security, HIPAA implementation services and technology attest reviews, including SAS 70 reviews. Brown Smith Wallace is an independent member firm of Moore Stephens International, Limited.
Prior to joining the firm, he led Andersen’s St. Louis-based risk consulting practice, as well as Great Plains’ regional business systems audit practice. With a specialty in bringing major company practices to small- and mid-sized companies, Munns spends a great deal of time helping clients adhere to regulations. For example, he helps large and small healthcare providers, employer’s health plans, software companies and clearinghouses become compliant with HIPAA.
“We offer everything from application controls and data analysis, to security and privacy, Web site security, wireless security review, and infrastructure risk,” says Munns. “However, two of the more in-demand areas include vulnerability assessments and penetration studies.”
In a vulnerability assessment, he and his staff identify, source and assess IT security risks within the context of business processes, including Internet environments.
“We will perform a limited vulnerability assessment and provide an analysis of potential exposures,” he says. “We will review the configuration, tuning and patch levels of all key components of your network systems, including operating system reviews of all servers, communication devices such as firewalls, routers dial-up controllers, and key communication applications such as VPNs.”
Penetration studies offer a somewhat different set of services and competencies.
“One of the first things any client wants to know is how vulnerable its system is to security attacks, but does not have the capabilities to perform these services,” says Munns. “We will provide you with a hacker's-eye-view of what your network looks like, as well as offer guidelines to make your network unattractive to malicious hackers and script-kiddies.”
The staff examines critical business systems and determines the level of exposure to internal and external threats.
“Using state-of-the-art tools, we identify and examine vulnerabilities in your external perimeter, including Internet services such as e-Mail and hosted Website.” The scope includes a limited review of remote access methods for road warriors and support personnel, including VPNs, terminal servers and dial-up modem banks.
“In a security assessment recently at one client, we found a Chinese hacker resident on the company’s system – using it as a base to attack defense type systems,” says Munns. “He was terminated and weak security configuration improved! On wireless, we scan for the footprint of the network. It is amazing how many other unprotected networks we find when doing this, and we frequently find internal networks that IT was totally unaware of; unfortunately, our professional standards prevent us approaching these companies to offer our services!”
Munns excels in project leadership, international consulting and in key ERP implementations. He not only led audit support for prominent companies such as Payless ShoeSource, Edward Jones and May Company, but also transformed Andersen’s small audit support practice into a 16-person, technology risk practice that thrived with strong teams in advanced system and network security, and ERP applications.
Through Brown Smith Wallace, Munns and his associates will review the configuration, tuning and patch levels of all key components of network systems, including operating system reviews of all servers, communication devices (firewalls, routers dial-up controllers) and key communication applications. VPNs fall under this area.
In the ‘90s, Munns led a multi-disciplined team that reviewed facilities, security and controls of a major outsourcing provider for a multi-million dollar outsourcing contract, in which he also advised on contract negotiation. Following this, he provided Asia Pacific with a machine tool shuttling – a design that aimed to help form a better planning and scheduling system. He also saved an integrated manufacturing system at a major Philippines manufacturing facility that failed in an implementation.
Over the years, Munns continued played a prominent role in the set up of a U.S.-based international trading company, and later installed a multi-currency General Ledger system. Munns also created systems, process flows and standards, as well as supported European implementation, and converting Buy/Sell countries to a consignment basis and manufacturers to tolling operation.
Munns also gives his time to help others in several nonprofit arenas. He is on the Board of Directors of the St. Louis Learning Disabilities Association, a nonprofit group providing education, support and advocacy to parents and professionals to improve the understanding and acceptance of learning disabilities. Munns also is the president of the Board of Directors for HotHouse Theatre Company, a nonprofit group that is the only downtown St. Louis theatre company.
Munns might depict a silver platter of excellence, but nothing was handed to him with a silver spoon. Through his engagements, he has shown determination and passion for his work. As companies continue evaluating and monitoring their processes, there’s no doubt that Munns and his team will find innovative ways to service this sector.
About Author:
Scott H. Cytron, ABC, is an accredited communications and public relations consultant working in the accounting, health care, high-tech and finance industries. He also teaches efficient and effective writing to professional services’ groups and can be reached at scott@cytronandcompany.com or through his Web site, http://www.cytronandcompany.com.
About Column:
Ideas in Motion is a monthly column designed to focus on best practices within CPA firms and organizations involved in providing technology related services.
Comments/Feedback about this column... AS411 is constantly looking for new companies and people to profile in this column so If you feel your organization stands out from the crowd we'd like to hear from you (Feedback Form)
|
|
Sponsor Messags & Links
Red Wing Software
With more than 25 years of experience developing accounting software, Red Wing Software knows businesses. We specialize in providing software at a reasonable price to companies who are outgrowing their current software and need more functionality, especially where inventory is concerned. Red Wing Software offers a complete suite of software products that can integrate and work together, including General Ledger, Accounts Payable, Accounts Receivable, Inventory, Order Entry, Purchase Orders, and Payroll. For more information about Red Wing Software products, please call 800-732-9464, or...
Visit Red Wing for more details
AS411 - Software Search Service
Tired of searching for software?
AS411's complimentary software search service will help you locate professionals in your area who can help you with all your software needs. It's simple, easy and only takes a few minutes.
Click Here to learn more
|
|
|