Industry : Bank 
Location : USA
Cybersecurity Policies & Procedures Review
The goal here was to help the client identify gaps and areas for improvement across their existing cybersecurity policies and procedures.
Foreign Banking Organization operating in NYC
-
72
Countries
-
202K
Employees
-
€42.5B
revenue (2018)
-
600+
Branches & Business Centers
A foreign banking organization required insight into the adequacy of existing cybersecurity policies especially since there was no clear relationship between their policies, standards, guidelines and procedures.
The content of available policies also needed reconciliation with NYS DFS 23 NYCRR 500 requirements and industry leading practices to ensure they provided appropriate coverage for the policy domain.
Our approach centered around identifying how the organization was using applicable regulations, enterprise policies, standards, and procedures to better govern cybersecurity as an enterprise wide, strategic issue.
ISO/IEC 27001 formally defines the mandatory requirements for an Information Security Management System (ISMS) and was used as the policy benchmark for the Policy Review. DFS policy requirements were mapped and then overlaid with available/relevant client policies
Impact
- Increased Policy adherence rate
- Higher regulatory compliance score
- Higher patching and vulnerability management score
- Higher user training completion rate
Fortify with Modern Security
Talk to ExpertsCase Studies
Cybersecurity Program & Remediation Strategy
The goal here was to help the client identify and mitigate potential cybersecurity risks in order to protect its information systems and assets
Control Assessment & AFIS and IRIS-based forensic product review
The engagement involved evaluating the client's security controls and policies, as well as assessing the effectiveness of digital forensic products based on Automated Fingerprint Identification System (AFIS) and Iris Recognition Integrated System (IRIS) technologies.
Forensic analysis of GDPR breach & Annual audit of control readiness
The engagement involved investigating and analyzing a security incident to determine the cause and extent of a potential data breach while the annual audit of control readiness involved reviewing the client's security controls and policies to assess their effectiveness in addressing potential security risks and compliance with relevant regulations.
Cybersecurity Technology Evaluation & Design
The engagement involved evaluating different vendors of intrusion detection and prevention systems and selecting the best solution to meet the client's specific security requirements.
Cyber Risk Map
The goal here was to develop a visual representation of the client's cyber risk exposure.
Compliance Assessments
The goal here was to help the client comply with applicable cybersecurity and privacy regulations while ensuring secure handling of credit card information that aligns with PCI-DSS requirements.
