Cyphra helped a financial services organisation improve their cyber risk management governance and compliance capabilities and initiate a cyber security control improvement programme.

Challenge:

This financial services organisation had identified a need to improve board-level governance in relation to cybersecurity risk management. They also had concerns about the maturity and effectiveness of their cyber security controls and the impact that this might have on their resilience to malicious attacks and their ability to meet externally audited FCA security compliance requirements.

Solution:

Cyphra were selected by the organisation to conduct a high-level cyber security assessment of the maturity of the organisation’s key security controls. This engagement identified several areas of concern and Cyphra were further engaged to conduct an in-depth assessment and to produce a tactical Security Improvement Plan to address any shortfalls. The organisation had identified the need for additional skilled security resources to augment their existing teams, and Cyphra provided a part-time CISO to lead the improvements in cybersecurity governance, a senior security architect to lead the technical security control improvements and a cyber-incident response service to provide additional skilled resource in the case of a serious cyber security incident.

The in-depth assessment identified a number of security control-related risks, including some associated with the core banking system. Following board approval of the security improvement plan, the programme of security control solutions was initiated. This included:

  • Improved network segregation and firewall security configuration.
  • Assisting in securing their cloud-based Office 365 email through the implementation of a federated authentication solution with enhanced security controls.
  • Improvements to the protection of their key web services (using Single Sign-On and Advanced Web Application Firewalls).
  • Advice and guidance on improving their vulnerability management processes and procedures.
  • Logging and monitoring analysis review.
  • Implementation of a managed SIEM service.
  • Conducting cyber security due diligence reviews of key third party suppliers.
  • Conducting a series of internal IT security audits.
  • Supporting the organisation through their financial services-specific audits.

Outcome:

The organisation successfully completed their financial services compliance audits and have improved their governance and board level awareness of cyber security as a result of the services provided by Cyphra. In addition, Cyphra has helped to deliver significant security control improvements in the following areas:

  • Network security.
  • Application security.
  • Cloud service security.
  • Third party supplier cyber risk management.
  • Compliance (FCA, GDPR).
  • Security incident detection and response.
  • Vulnerability management.
