Information Technology and Infomation Security Consultants
Call PCSS @: 720-990-7556
The financial sector is a prime target for hackers because they control what hackers focus on today - monetary gain. Therefore, it is essential that financial institutions have a robust information technology security program that is externally vetted and tested. This is where PCSS can help.
We offer a full range of services to financial institutions that evaluate the organization's security strategy, systems, threat, vulnerabilities, and risk compared to regulations and industry best practices. This provides the basis or standard by which to make a comparison, identify gaps, and to provide recommendations on reaching compliance. The applicable regulatory and best practices may include: Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), Dodd-Frank, the Federal Financial Institutions Examination Council (FFIEC), SANS Top 20 Critical Security Controls, and NIST 800-122 Guide for Protecting the Confidentiality of Personally Identifiable Information (PII).
PCSS will shape an engagement to meet the needs of your organization. Below are the typical activities included in an engagement.
- Document the regulatory and legal requirements that must followed, the security measures that should be implemented as best practice, and develop one information security management framework which will be the basis for the IT Security Program.
- Perform a risk assessment including identifying the major threats, vulnerabilities and likelihood of occurrence to include security devices, networks, data, external connections, access, servers, desktops, and applications.
- Provide a gap analysis between the “as is” and the security management standard.
- Conduct network, application, and wireless penetration testing, and include summarized results in the risk assessment and gap analysis.
- Evaluate third party connections and access using the risk assessment and gap analysis.
- Evaluate in and out bound remote access using the risk assessment and gap analysis.
- Identify, itemize, and evaluate the effectiveness of the organization's information security assets. This will include deficiencies identified through the risk assessment and recommendations for improvements.
- Develop and recommend options for addressing the identified risks using a prioritized approach.
- Recommend development or changes to policies and procedures to document the Information Security program while reducing, transferring, and mitigating risks.
- Develop a risk-based process for evaluating partners, consultants, or other service providers, and processes for managing the cyber security risks inherent to these entities.
- Provide overall summary approach and recommendations for improving the organization's Information Security Program.
Contact PCSS today to learn more about our Financial Security services 720-990-7556.