- GDPR’s Data Protection Impact Assessment and its Implications for OrganizationsJanuary 31, 2018
- Strategies to Combat the Rise of Advanced Persistent Threats (APTs)January 31, 2018
- Shielding the Organization in the Fight Against MalwareJanuary 31, 2018
- Minimizing Threats and Vulnerabilities on Mobile PlatformsJanuary 31, 2018
- Managing Vulnerabilities and Risks in the Healthcare SectorJanuary 31, 2018
SCENARIO: An industry leading organization that provides state-of-the-art lending and treasury management solutions for financial institutions needed to develop and implement a new information security program for an upcoming federal audit.
The organization delivers the only fully-integrated lending system designed to process any type of loan, ranging from consumer loans to banking and real estate loans. The organization’s unique single system solution gives clients the advantage in terms of operating costs and ability to manage enterprise-wide data integrity.
The organization also offers a comprehensive, multifaceted treasury management program that includes:
- Continuous improvement of the treasury management function
- The organization’s expertise and ability to execute
- Industry best practices
Wilson Consulting Group (WCG) conducted an audit of the organization’s information security program, including its IT technical infrastructure, security policy and procedures, along with the organization’s application development areas. WCG then compiled a report of security risks facing the organization. Within this report, risks were numerated and calculated as High, Medium, and Low.
WCG completed the following tasks for the organization’s security program:
Policy Review and Creation
- Conducted gap analysis on current policies and procedures
- Developed improved policies and procedures
- Developed viable incident management process and program
Event Correlation and Logging
- Developed a viable event correlation and logging process and procedures to satisfy Federal Financial Institutions Examination Council (FFIEFC) audit requirements
- Designed and developed a viable vulnerability assessment process and procedures
- Designed and developed a viable remediation management process and procedures
Disaster Recovery Plan (DRP)
- Conducted gap analysis of current disaster recovery process
- Implemented gaps within the DRP to satisfy FFIEC Audit requirements
- Designed and developed a viable encryption policy and architecture to satisfy FFIEC audit requirements
RESULTS: WCG helped the organization rectify all risks based on the findings of the vulnerability assessment and gap analysis, and designed and developed improved processes, procedures, and policies. The organization received an improved audit score from the FFIEC.