Financial services
IT Security Assessment
- Client: Major Worldwide Insurer
- Sector: Financial services
Project description
This insurer has a major investment in IT security, including extensive formal procedures, dedicated software and manpower. The assignment was to review their effectiveness in one key part of the organisation.
Public domain information on security impacts worldwide was used to produce an Executive-level Business Impact report. From this and an analysis of the operation, penetration tests were identified.
Remote and in-house tests were carried out with prior agreement.
The results of this process were then input to a one-day workshop with the unit’s Audit, Personnel & IT managers.
From this, a checklist of actual strengths (repulsed/failed attempts), weaknesses (successful attempts), and potential weaknesses and issues was identified, together with the actions to be taken to bring security practice up to the 100% operational level required.
The checklists, results and remedial actions taken were made available to all other divisions, as a case study and template for their own use.
The company warned all units that similar reviews from the centre would take place without notice.
Outcome
The organisation found the participative approach highly effective, at minimum consultancy cost. Internal audits are currently in progress, using the case study template, without specialist external assistance.