Anitian does not enforce compliance. We work creatively and collaboratively with you to develop sound, reasonable, business-friendly ways to secure assets, protect investments, and meet compliance requirements.
Anitian has over 20 years of experience protecting business systems. We know the nuts and bolts of security and compliance, so we can put concepts into action and deliver controls that produce true security protection.
Our financial service team delivers actionable, sustainable results that meet the demands of your unique business to preserve stakeholder confidence and ensure smooth operations.
FINANCIAL SERVICES DETAILS
First, our Sherlock service uses deception technologies and machine learning to mine your data for emerging threats. We augment this with user behavior analytics, to see if any users have unusual behavior.
Next, we use the latest threat intelligence from public sources and our proprietary library to defeat attacks on financial systems.
Lastly, we host everything at AWS, which meets rigorous compliance requirements such as GLBA, ISO 27001, SOC, and PCI. And of course, Sherlock never commingles your data, which means your data, and your customer’s data, remain under your control.
This service consists of the following general tasks:
- Project Planning: Validate the scope of the project. Review FFIEC documents and requirements. Schedule on-site work and meetings. Assemble relevant resources.
- Asset Validation: Catalog and validate the scope of this assessment and any sampling and categorization methods used.
- Stakeholder Interviews: Conduct a series of facilitated discussions with relevant project stakeholders. Capture key concerns and issues to assist with threat definition.
- Technical Controls Review: Anitian will review existing third-party and internal technical scans and assessments to assess the effectiveness and maturity of security controls. Anitian does not conduct any testing as part of this service; however, if there are any areas that require focused testing, Anitian will collaborate with your staff on a reasonable approach, and perform this testing under Anitian’s hourly advisory service.
- Documentation Review: Anitian will review Client’s documented policies, procedures, practices, guidelines, data flows, network diagrams, architectural designs, or any other relevant documentation. Specific issues Anitian will consider as part of this Risk Assessment include:
  - Clarity and relevance of content
  - Impact of documentation on identified threats and vulnerabilities
  - Alignment with operational and technical realities in the organization
- Physical Security Review: Anitian will conduct a review of physical security controls of Client’s data center and offices.
- Threat Identification: Using data from interviews and security testing, Anitian will define the potential threats that are applicable to the in-scope assets.
- Control Maturity Assessment: Anitian will determine what security controls (people, processes, and technologies) are in place and how effective they are at mitigating the identified threats.
- Risk Assessment: Anitian will establish risk rankings for each threat, based on vulnerabilities present, probability of exploitation, impact on the organization, and the maturity of existing controls. Determine what, if any, residual risk exists if control maturity is improved.
- Complete Inherent Risk Profile: Anitian will complete the FFIEC’s Inherent Risk Profile assessment using the materials provided on their website.
- Complete Cybersecurity Maturity Report: Anitian will use the FFIEC Cybersecurity Reporting Tool to assess Client’s risk on all domains.
- Risk Briefing: After Anitian has completed and delivered the Inherent Risk Profile and Cybersecurity Maturity Report, Anitian will conduct a one- to two-hour risk briefing with relevant stakeholders to gauge the Client’s risk tolerances. The results of this briefing will be documented in the Action Plan.
- Complete Action Plan: Based on the discussions in the Risk Briefing, Anitian will complete an Action Plan to define areas where Client can improve security controls or effectiveness and reduce risk.
- Post Project Support: Anitian will supply up to 20 hours of post-project support to edit materials or assist Client with submitting reports to relevant regulatory bodies.
While consultation services can cover any topic, some of the common assistance Anitian provides includes:
- Guidance on requirements
- Assistance with limiting scope of compliance
- Technology recommendations and guidance
- Review and feedback on policies, practices, or configurations
- Assistance with compensating controls
- Application design consulting
- Assistance implementing required controls
- Clarification of the expectation or intent of requirements
NETWORK PENETRATION TESTING
- Firewalls / UTM / NGFW
- File integrity monitoring
- SIEM / Log Management
- Antivirus / Endpoint security
- Vulnerability management
- Configuration management
- Incident response
- IDS / IPS
- Security awareness
- Software development life-cycle (SDLC)
- System auditing & access control