Cyber security & Risk management

cyber security & Risk management

Effective Cyber Security and Risk Management are an unavoidable part of modern business from protecting against malicious Programmes to managing access to sensitive data, it can be difficult to assess your potential risks without compromising your security. Our consultants not only assist in the implementation of IAM and PAM tools but help you to create standardised risk assessments too. Testing the vulnerability of your IT and planning effective procedures helps you to mitigate problems in the worst-case scenarios.

Case studies

  • Implementation of Identity Access Management Solutions

    Client: A Leading Clearing Exchange


    Challenge

    • Asked by the Client to deliver solutions to address IAM, PAM and PEM needs in multiple enterprise networks.

    Approach

    • Our team of Architects lead the design of Centrify architecture to address the Clients IAM, PAM, and PEM needs.
    • Provide support installing, implementing, and configuring all aspects of Centrify products including Infrastructure Services, Privilege Access Service, and Direct Audit.
    • Develop risk mitigation strategies based on MITRE Attack Framework and SANS as part of working with SOC for Incident Response.

    Results

    • Successfully operated and managed the deployment of the Privileged Access Management ecosystem across AWS and on prem environments. 
    • Deployment of IAM controls in the 25000+ server environment.

  • Implementation of Security and Enterprise Risk Management Reporting

    Client: Leading Settlements Firm


    Challenge

    • A Global provider of Settlement solutions required the implementation of Security and Enterprise Risk Management Reporting across the business.

    Approach

    • Engaged with firm-wide Information Security and Infrastructure teams to implement cyber security and risk management reporting for on-premise, cloud-based and vendor-hosted infrastructure vulnerability management, compliance and patch management.

    Results

    • Achieved 20% reduction in reporting timelines by reengineering, automating and documenting IT security reporting processes.  
    • Enabled security operations teams to respond faster to emerging technology vulnerabilities and threats by providing weekly and monthly security health reporting to Technology and Operations governance board and senior Information Security management. 

  • Review of Third-Party Vendor Management Process for all Cloud vendors and Service providers


    Client: Tier 1 Investment Bank


    Challenge

    • Charles Alan was asked to provided guidance and advisory support to businesses for the end-to-end Third-Party Risk Management process for all Cloud vendors and Service providers.

    Approach

    • Project managed a vendor specific ongoing strategy and action plans for the top 20 technology vendors across the enterprise, with a primary goal of driving successful outcomes from the vendor base while providing analysis & reporting of vendor risk and performance to stakeholders
    • Conducted Risk Analysis to identify current problematic / risky security practices in use based on regulatory standards 
    • Conducted security reviews of Cloud vendors, Service providers (Cloud InfoSec) through defined processes and tools; identified vendor risks where controls did not measure up to proscribed security requirements.
    • Vetted and reviewed SOC-2 Type-2 reports for SaaS Vendors
    • Drove remediation of identified vendor risks related to completed third party security reviews.
    • Facilitated the vendor management and security assessment process by working with other information security staff to evaluate vendor risks, coordinating communication with the risk owner and vendor, and ensuring proper approval of risk exceptions if necessary.

    Results

    • Established and managed the vendor management framework and associated processes for all technology vendors
    • Implemented compliance benchmarks for vendors and due diligence required thereof
    • Managed and streamlined the detailed Enterprise SOW process.

  • Implementation and maintenance of Penetration Testing

    Client: A Leading Clearing Exchange


    Challenge

    • Asked to lead the implementation and maintenance of penetration testing for various Payment platforms, concerning applications, APIs, internal and external infrastructure (servers, firewalls, and routers), and segmentation on-premise and AWS Cloud with respect to PCI DSS and GDPR.

    Approach

    • Managed all penetration testing through scoping, organising internal or third-party Pen Testers to execute various security sweep utilising such tools as Nessus, Metaspoilt, Burpsuite, Qualys, etc. arranging access to environments and data centres as well as suitable dates to run the tests, and managing resources. The objective was to locate any vulnerabilities, check OWASP, CVSS, ensure all security issues found have been resolved and retested successfully.
    • Controlled compliance with all cyber risk management and governance guidelines during penetration testing of platforms.

    Results

    • Successfully ensured all penetration testing was scheduled, executed on time, within budget and before PCI DSS deadlines for certifications.




Other consultancy and resource management solutions

Digital Transformation

Button

Programme Governance & Management

Button

Regulatory Reporting

Button
Share by: