Financial Services Provider Case History

SCENARIO: An industry leading organization that provides state-of-the-art lending and treasury management solutions for financial institutions needed to develop and implement a new information security program for an upcoming federal audit.

The organization delivers the only fully-integrated lending system designed to process any type of loan, ranging from consumer loans to banking and real estate loans. The organization’s unique single system solution gives clients the advantage in terms of operating costs and ability to manage enterprise-wide data integrity.

The organization also offers a comprehensive, multifaceted treasury management program that includes:

  • Continuous improvement of the treasury management function
  • The organization’s expertise and ability to execute
  • Industry best practices

WCG STRATEGY/SOLUTION:

Wilson Consulting Group (WCG) conducted an audit of the organization’s information security program, including its IT technical infrastructure, security policy and procedures, along with the organization’s application development areas. WCG then compiled a report of security risks facing the organization. Within this report, risks were numerated and calculated as High, Medium, and Low.

WCG completed the following tasks for the organization’s security program:

Policy Review and Creation

  • Conducted gap analysis on current policies and procedures
  • Developed improved policies and procedures

Incident Management

  • Developed viable incident management process and program

Event Correlation and Logging

  • Developed a viable event correlation and logging process and procedures to satisfy Federal Financial Institutions Examination Council (FFIEFC) audit requirements

Vulnerability Assessment

  • Designed and developed a viable vulnerability assessment process and procedures

Remediation Management

  • Designed and developed a viable remediation management process and procedures

Disaster Recovery Plan (DRP)

  • Conducted gap analysis of current disaster recovery process
  • Implemented gaps within the DRP to satisfy FFIEC Audit requirements

Encryption

  • Designed and developed a viable encryption policy and architecture to satisfy FFIEC audit requirements

RESULTS: WCG helped the organization rectify all risks based on the findings of the vulnerability assessment and gap analysis, and designed and developed improved processes, procedures, and policies. The organization received an improved audit score from the FFIEC.