Cyphra helped a financial services organisation improve their cyber risk management governance and compliance capabilities and initiate a cyber security control improvement programme.
This financial services organisation had identified a need to improve board level governance in relation to cybersecurity risk management. They also had concerns on the maturity and effectiveness of their cyber security controls and the impact that this might have on their resilience to malicious attacks and their ability to meet externally audited FCA security compliance requirements.
Cyphra were selected by the organisation to conduct a high-level cyber security assessment on the maturity of the organisation’s key security controls. This engagement identified several areas of concern and Cyphra were further engaged to conduct an in-depth assessment and to produce a tactical Security Improvement Plan to address any shortfalls. The organisation had identified the need for additional skilled security resources to augment their existing teams and Cyphra provided a part-time CISO to lead the improvements in cybersecurity governance, a senior security architect to lead the technical security control improvements and a cyber–incident response service to provide additional skilled resource in the case of a serious cyber security incident.
The in-depth assessment identified a number of security control related risks including some associated with the core banking system. Following board approval of the security improvement plan, the programme of security control solutions was initiated. This included:
The organisation successfully completed their financial services compliance audits and have improved their governance and board level awareness of cyber security as a result of the services provided by Cyphra. In addition, Cyphra has helped to deliver significant security control improvements in the following areas: