FINANCIAL SERVICES

PRAGMATIC

Anitian does not enforce compliance. We work creatively and collaboratively with you to develop sound, reasonable, business-friendly ways to secure assets, protect investments, and meet compliance requirements.

EXPERIENCED

Anitian has over 20 years of experience protecting business systems. We know the nuts and bolts of security and compliance, so we can put concepts into action and deliver controls that produce true security protection.

EFFECTIVE

Our financial services team delivers actionable, sustainable results that meet the demands of your unique business, preserve stakeholder confidence, and keep operations running smoothly.

FINANCIAL SERVICES DETAILS

OVERVIEW
Financial companies are under persistent attack. Criminal organizations are constantly developing new malware variants specifically for financial systems. Anitian can help defend your systems, and keep you compliant.

First, our Sherlock service uses deception technologies and machine learning to mine your data for emerging threats. We augment this with user behavior analytics to flag users whose activity deviates from their normal patterns.

Next, we use the latest threat intelligence from public sources and our proprietary library to defeat attacks on financial systems.

Lastly, we host everything at AWS, whose compliance programs cover rigorous requirements such as GLBA, ISO 27001, SOC, and PCI DSS. And of course, Sherlock never commingles your data, which means your data, and your customers' data, remain under your control.

RISK ASSESSMENT
Anitian can complete a risk assessment to meet the Federal Financial Institutions Examination Council (FFIEC) requirements. This assessment will align with the FFIEC guidance for risk assessment and use the official Cybersecurity Assessment Tool resources as listed on the FFIEC website.

This service consists of the following general tasks:

  • Project Planning: Validate the scope of the project. Review FFIEC documents and requirements. Schedule on-site work and meetings. Assemble relevant resources.
  • Asset Validation: Catalog and validate the scope of this assessment and any sampling and categorization methods used.
  • Stakeholder Interviews: Conduct a series of facilitated discussions with relevant project stakeholders. Capture key concerns and issues to assist with threat definition.
  • Technical Controls Review: Anitian will review existing third party and internal technical scans and assessments to assess the effectiveness and maturity of security controls. Anitian does not conduct any testing as part of this service; however, if there are any areas that require focused testing, Anitian will collaborate with your staff on a reasonable approach, and perform this testing under Anitian’s hourly advisory service.
  • Documentation Review: Anitian will review Client's documented policies, procedures, practices, guidelines, data flows, network diagrams, architectural designs, and any other relevant documentation. Specific issues Anitian will consider as part of this Risk Assessment include:
    • Clarity and relevance of content
    • Impact of documentation on identified threats and vulnerabilities
    • Alignment with operational and technical realities in the organization
  • Physical Security Review: Anitian will conduct a review of physical security controls of Client’s data center and offices.
  • Threat Identification: Using data from the stakeholder interviews and the review of existing technical scans and assessments, Anitian will define the potential threats that are applicable to the in-scope assets.
  • Control Maturity Assessment: Anitian will determine what security controls (people, processes, and technologies) are in place and how effective they are at mitigating the identified threats.
  • Risk Assessment: Anitian will establish risk rankings for each threat, based on vulnerabilities present, probability of exploitation, impact on the organization, and the maturity of existing controls. Anitian will also determine what residual risk, if any, would remain if control maturity were improved.
  • Complete Inherent Risk Profile: Anitian will complete the FFIEC’s Inherent Risk Profile assessment using the materials provided on their website.
  • Complete Cybersecurity Maturity Report: Anitian will use the FFIEC Cybersecurity Assessment Tool to assess Client's cybersecurity maturity across all domains.
  • Risk Briefing: After Anitian has completed and delivered the Inherent Risk Profile and Cybersecurity Maturity Report, Anitian will conduct a one to two hour risk briefing with relevant stakeholders to gauge the Client’s risk tolerances. The results of this will be documented in the Action Plan.
  • Complete Action Plan: Based on the discussions in the Risk Briefing, Anitian will complete an Action Plan to define areas where Client can improve security controls or effectiveness and reduce risk.
  • Post Project Support: Anitian will supply up to 20 hours of post-project support to edit materials or assist Client with submitting reports to relevant regulatory bodies.

CONSULTATION SERVICES
For organizations looking for expert consultation, Anitian offers flexible, open-ended arrangements to provide guidance, feedback, and insight into the FFIEC/GLBA compliance process. Anitian’s consultants all deliver pragmatic, practical advice tailored to the unique needs of your business.

While consultation services can cover any topic, some of the common assistance Anitian provides includes:

  • Guidance on requirements
  • Assistance with limiting scope of compliance
  • Technology recommendations and guidance
  • Review and feedback on policies, practices, or configurations
  • Assistance with compensating controls
  • Application design consulting
  • Assistance implementing required controls
  • Clarification of the expectation or intent of requirements

NETWORK PENETRATION TESTING
Anitian offers comprehensive internal and external penetration testing services designed to meet PCI DSS requirement 11.3 (penetration testing). For more information, see Anitian's penetration testing services page.

REMEDIATION SERVICES
One of the benefits of working with Anitian is that in addition to being able to conduct compliance assessments, we also have a complete staff of technology integrators. This gives us a real “nuts & bolts” view of FFIEC/GLBA compliance. We know exactly how to implement necessary controls, technologies, and practices to meet FFIEC/GLBA requirements. Our remediation services include implementation, optimization, and testing of the following:

  • Firewalls / UTM / NGFW
  • File integrity monitoring
  • SIEM / Log Management
  • Antivirus / Endpoint security
  • Encryption
  • Vulnerability management
  • Configuration management
  • Incident response
  • IDS / IPS
  • Security awareness
  • Software development life-cycle (SDLC)
  • System auditing & access control

WEB APPLICATION PENETRATION TESTING
Anitian offers comprehensive web application penetration testing services designed to meet PCI DSS requirement 6.6 (public-facing web application security). For more information, see Anitian's application testing services page.

LEARNING RESOURCES

  • Presentation: Security as Code
  • Paper: Communicating Risk to Leadership
  • eBook: The Case for Security in the Cloud