Security Enhancement, Bank/Finance
March 30, 2015
An organization within FMI (financial monetary institutes) industry needed an overview of their Governance across the entity, including dependencies upon other organisations inside and outside their organization. The current informstion security system was dated and there was a need for something more modern that also could be measured against ISO27000 standards and enable their ISO Certification for their ISMS (information security management system).
To get there, they needed to understand information security risks based on their likelihood of compromise and consequence and have a selection of controls, among minimum was;
- Preventative, detective and reactive controls across the physical, personnel
and technical security functions
– Network Security & Malware prevention
– Configuration of hardware, software, data bases and information systems
– Monitoring and alert services
– Removable media management
– Home and mobile working policies
– New policies managing user privileges
– User education and awareness
– Proactively consider new technologies, newly identified vulnerabilities and new
Organization need an overview of their Governance across the entity, including dependencies upon other organisations. To get there, they needed to:
As start, capturing the security policies and technical controls that needed to be in force during term of agreement. In addition, a system technical baseline was documented per OS system, sub-system, Db and application level, where all security controls where noted in ISMS technical specifications as a baseline of current IT security controls, of systems at the time of their Service Provider where to take control of managed system and environments. Additionally, Vulnerability Assessment (VA) of IT Infrastructure scope included:
Security Work Stream Program contribution included:
- Information Security Controls (ISMS) document describing contractual agreed responsibilities and reflection of Client’s security policies, including documentation of Client’s technical security baseline of each OS system, sub-system, Databases, Application as of current initial value (fingerprint).
– A Security Policy assessment report where Client’s current security policies where compared with ISO27001 standard.
- From vulnerability scanning, all VA results and assessed against Nessus industry tool settings and results was and, processed through ISMS Threat assessment and gap-analysis to identify threats including threat ranking and recommendations for how to mitigate identified threats.
– Executive Summary Report of Client’s Security posture delivered and presented to client CISO and CIO.
– As a final deliverables, a short term project plan was drafted for steady state (BAU) remediation and implementation of mitigating controls for all identified threats.
IT consulting service with support for development and maintenance in the form of consulting advice with focus on IT and Information Security and Risk Management. Support your adherence to Compliance (legal and regulatory requirements), and leading project implementation of management systems for control of IT and Information Systems (ISMS/LIS)
Get in Touch
© Copyright. All Rights Reserved