At Sword & Shield we believe that financial institutions can become COMPLIANT and SECURE by taking a risk-based approach to identifying, monitoring and regularly testing a common set of security controls designed to protect sensitive information.
Sword & Shield Services for Financial Services
|GLBA Auditing||Sword & Shield can bring you into compliance with GLBA while making sure that your security policies are effective. Using the FFIEC Information Security Booklet as a guide, we can assist you with maintaining compliance by integrating people, processes and technology and by applying prevention, detection, response, security domains, least permissions and least privilege strategies.|
|PCI Auditing||As a VISA-certified Qualified Security Assessor (QSA), we can help your company prevent breaches.We have cost-effective PCI compliance solutions to enable your organization to become compliant and maintain this compliance regardless of your merchant or service provider level|
|Virtual Chief Security Officer||A single point of contact at Sword & Shield who will be your organization’s trusted adviser. The VSCO will work hand-in-hand with your staff to remedy your security and compliance issues and accomplish your long-term goals.|
|Risk & Compliance Shield||Risk & Compliance Shield™ uses a risk-based approach to categorize risks associated with the various applications and networks that store, process and transmit sensitive data by identifying the people, policies, processes and technology associated with business sensitive information.|
|Security Policy Development||Written Information Security Policy documents are a formal declaration of management’s intent to protect information, and are required for compliance with various security and privacy regulations.|
|Security Testing Services||Reduces risks that someone with the intent to do harm could bypass security controls and gain access to sensitive information. Provides verification of security controls and meets independent, third-party assessment requirements.|
|Web Application Testing||Examines the subsystems, components, interactions and security mechanisms of the Web application and identify Web security weaknesses|
|Mobile Application Assessment||Verifies encryption of data stored on mobile devices.|
|Configuration & Hardening Review||Review the OS, external connections, and application-level security. Report our findings with actionable recommendations to improve the policies, procedures, and security controls of your systems.|
|Virtual Infrastructure Assessment||Audit of your virtual infrastructure to include access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis specific to virtualized environments.|
|Shared Assessment||Evaluates vendor controls for security, privacy and business continuity to ensure your service providers are using sufficient oversight to protect personal identifiable information.|
|Security Awareness Training||Performs security testing and provides a comprehensive report to detail vulnerabilities present and/or exploited and provides recommendations for improving security and reducing risk.|
|Incident Response||Provides rapid response when you suspect someone has compromised PII data on your systems.|
|Forensics Investigations||Reduces workload on the IT department from time consuming electronic investigations and insures that evidence is preserved and admissible in a court of law.|
|eDiscovery||Bridges the knowledge gap between IT and Agency legal department when producing electronic evidence and expert witness in litigation.|
|Data Breach Threat Analysis||To respond to the growing threat of data breaches, Sword & Shield will proactively identify the types of cyber attacks, the origin of the attacks and will determine if there is evidence of an existing threat in the form of malware and viruses.|
A Real Success Story
Sword & Shield Analysts Find Malicious Software on Credit Union Computer
After a federal credit union lost more than $1.6 million via fraudulent ACH transfers, this credit union contacted Sword & Shield for assistance.
The wire transfers were initiated from a computer located in the United States and then transferred to other banks within the United States before being sent via Western Union to a location in the Ukraine. Sword & Shield performed a full forensic analysis of the applicable environment to determine that sophisticated malware was inadvertently installed on the computer used for ACH wire transfers three days prior to the fraudulent wire transfers.
Our analysts researched and reverse-engineered the malicious software to determine its functionality and origin and determined that the malicious software was specifically designed to elude anti-virus protection and capture the username and password combinations for online banking applications.
Further work with the FBI determined that the origin of the attack was in the Ukraine at the same location that the stolen funds were sent. Since that time, the FBI has issued many warnings to all businesses conducting online banking to safeguard the machines used for online financial transactions.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885