
Finance & Insurance

Handling sensitive customer data is part of a financial organization’s everyday activities and keeping this information confidential and safe is a top priority. Standards and regulations seek to establish security controls to protect the information from those seeking to do harm. Implementing an effective risk assessment and compliance process is critical for financial organizations to meet their goals. At Sword & Shield we believe that financial institutions can become COMPLIANT and SECURE by taking a risk-based approach to identifying, monitoring and regularly testing a common set of security controls designed to protect sensitive information.

Banking

Resources
FFIEC IT Examination Handbook
Banking Security Information
Credit Union Security Information

Whether you are regulated by the National Credit Union Administration (NCUA), the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS), or the Office of the Comptroller of the Currency (OCC), banking institutions must comply with Federal Financial Institutions Examination Council (FFIEC) regulations on information security and information management.

Increasingly, community banks are being threatened by clever cyber-criminals who use undetected malware to siphon millions of dollars from electronic funds. Sword & Shield has a risk-based approach to complying with regulations and protecting valuable assets.

A Real Success Story

Sword & Shield Analysts Find Malicious Software on Credit Union Computer

After a federal credit union lost more than $1.6 million via fraudulent ACH transfers, this credit union contacted Sword & Shield for assistance.

The wire transfers were initiated from a computer located in the United States and then transferred to other banks within the United States before being sent via Western Union to a location in the Ukraine. Sword & Shield performed a full forensic analysis of the applicable environment to determine that sophisticated malware was inadvertently installed on the computer used for ACH wire transfers three days prior to the fraudulent wire transfers.

Our analysts researched and reverse-engineered the malicious software to determine its functionality and origin and determined that the malicious software was specifically designed to elude anti-virus protection and capture the username and password combinations for online banking applications.

Further work with the FBI determined that the origin of the attack was in the Ukraine at the same location that the stolen funds were sent. Since that time, the FBI has issued many warnings to all businesses conducting online banking to safeguard the machines used for online financial transactions.

Insurance

Insurance companies process, transmit and store sensitive information pertaining to their clients. There is a trust relationship on the part of the client that sufficient controls are in place to protect the information and prevent any data compromise resulting in sanctions under state and federal privacy laws. Sword & Shield can assist you in testing your physical and logical security controls outlined in the NAIC examiner guide to data security.

 

Sword & Shield Services for Financial Services

 

Government Sector Solutions: Benefits of the Sword & Shield Approach

GLBA Auditing: Sword & Shield can bring you into compliance with GLBA while making sure that your security policies are effective. Using the FFIEC Information Security Booklet as a guide, we can assist you with maintaining compliance by integrating people, processes and technology and by applying prevention, detection, response, security domains, least permissions and least privilege strategies.

PCI Auditing: As a VISA-certified Qualified Security Assessor (QSA), we can help your company prevent breaches. We have cost-effective PCI compliance solutions to enable your organization to become compliant and maintain this compliance regardless of your merchant or service provider level.

Risk & Compliance Shield: Risk & Compliance Shield™ uses a risk-based approach to categorize risks associated with the various applications and networks that store, process and transmit sensitive data by identifying the people, policies, processes and technology associated with business sensitive information.

Security Policy Development: Written Information Security Policy documents are a formal declaration of management’s intent to protect information, and are required for compliance with various security and privacy regulations.

Web Application Testing: Examines the subsystems, components, interactions and security mechanisms of the Web application and identifies Web security weaknesses.

Security Testing Services: Reduces risks that someone with the intent to do harm could bypass security controls and gain access to sensitive information. Provides verification of security controls and meets independent, third-party assessment requirements.

Social Engineering to Test Security Awareness Training: Performs Security Awareness Testing in an attempt to trick employees into divulging confidential information that may be used to compromise network defenses and critical systems.

Compliance Central for BITS FISAP: Evaluates vendor controls for security, privacy and business continuity to ensure your service providers are using sufficient oversight to protect personal identifiable information.

Security Awareness Training: Performs security testing and provides a comprehensive report to detail vulnerabilities present and/or exploited and provides recommendations for improving security and reducing risk.

Incident Response: Provides rapid response when you suspect someone has compromised PII data on your systems.

Forensics Investigations: Reduces workload on the IT department from time-consuming electronic investigations and ensures that evidence is preserved and admissible in a court of law.

eDiscovery: Bridges the knowledge gap between IT and Agency legal department when producing electronic evidence and expert witness in litigation.

Secure Portable Workspace for the Mobile Worker or Student: Simply plug Check Point’s Abra stick into any Windows-based PC and enter your credentials to immediately turn any PC into a secure, virtual network.

 

 

  • About Sword & Shield

    Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
