The regulators have become seriously serious about IT, going beyond once routine IT compliance reviews to make certain you and your IT people actually know what vulnerabilities the bank faces and how to manage them. That means vulnerability scanning of your bank's IT system should be part of a well-layered approach to managing your risk to denial of service attacks, theft of confidential bank information, theft of customer identities and information, and knowing just what is connected on the inside of your network as well. To discover what's on your network, an IT compliance examination should include vulnerability mapping and scanning so you actually know, and can prove to regulators, what is on your system. TCA uses a three-step approach to testing your vulnerability management program. 1. Mapping - or identification of all systems on your internal and external network. Each PC in your bank has 65,536 ports - all vulnerable in one way or another to unauthorized access. 2. Scanning the devices for known vulnerabilities against a database that is updated as new vulnerabilities are discovered by the security industry. 3. Reporting to the bank in two formats, one a technical and the other an executive format.