Since the Gramm-Leach-Bliley Act (GLBA) of 1999, federal regulators increasingly expect financial institutions to implement strong and regular comprehensive IT audits (gap analysis and risk assessments) to protect their customers’ private financial information.
Regulators want banks and credit unions to place a greater emphasis on the competency of their technology and on the use of information gleaned from a bank’s audit provider.
However, not all IT audits and vulnerability scans are of equal quality.
Sword & Shield uses multiple scanning tools to identify vulnerabilities that a hacker may find and exploit to gain access to sensitive information. Our customized reports provide findings and recommendations that are suitable for executives yet detailed enough to give the technical staff specific direction for reducing or eliminating the vulnerabilities.
We are NOT an auditing firm or an IT service provider who decided to add security consulting to our offerings. Our core business has always been and still is security, and we provide industry-specific solutions to businesses across a variety of markets, including the financial sector.
Sword & Shield can bring you into compliance with GLBA while making sure that your security policies are effective. Using the Federal Financial Institutions Examination Council (FFIEC) Information Security Booklet as a guide, we can assist you with maintaining compliance by integrating people, processes and technology. We will show you how to apply strategies for prevention, detection, response, security domains, least-permissions, and least-privilege policies. In addition, independent security audits, vulnerability assessments, and penetration tests are prescribed to determine the effectiveness of the security controls. We assist you in creating continuous monitoring of security controls so this is not just a once-a-year event.
Effectiveness of Security Awareness Training
Sword & Shield provides security awareness training delivered via the web that you can customize with your own security policies. A method to test and track employees’ progress in meeting the training requirements is included. The web-based portal also allows employees to read and electronically sign the acceptable use policy to ensure that all employees understand what is being required of them.
We also perform up to four “social engineering” tests – phishing, pre-texting, baiting and tailgating – to test your current vulnerabilities and make recommendations for your security awareness training program.
Effectiveness of an Incident Response Plan
Sword & Shield can audit and evaluate your incident response plan to dictate actions should a breach occur. Our Rapid Response Shield™ provides a cost-effective way of identifying what happened, what action was taken, how the hacker or hackers got into the network, and what you can do to prevent a recurrence.
Our forensics lab can collect and protect evidence to ensure chain-of-custody handling where litigation is a concern. We provide the missing link between legal counsel and IT because we understand what corporate counsel needs and how to cost-effectively extract information from IT resources – saving you time and money.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885