CASE STUDY
Identifying security improvements through risk assessments
Miles IT helps a financial services organization assess risk levels and current control activities to determine the next steps for security enhancements.
MEET THE CLIENT
Financial services organization
As part of the finance industry, the client recognized the criticality of improving cyber security.
When they reached out looking for help, they were entirely new to Miles IT; this meant we had little background information regarding their environment at the beginning of the engagement.
PRIMARY GOALS
Recognize gaps in organizational security
Understanding the significance of strong security measures, the client reached out to our team for help identifying and prioritizing areas for improvement.
Identify Security Shortcomings
The client thought their security posture could be better but wasn’t sure where to begin or which areas to focus on.
Prioritize Key Areas of Improvement
Understanding and ranking primary focus areas was essential so the client could effectively plan remediation actions.
Strengthen Organizational Security Posture
Overall, the client’s goal was to use the results of our engagements to gain tangible steps for enhancing control activities.
OUR PROVEN PROCESS
Thorough risk assessments & ranked results
To gain a clear picture of the client’s security posture, our team, led by our Director of Compliance and Risk Management and Compliance Analyst, performed a variety of in-depth risk assessments.
Define Scope
We begin each assessment by determining the scope of the engagement to keep all parties in alignment regarding testing mechanisms and results.
Perform Risk Assessments
After clarifying the scope, we conducted a series of risk assessments that evaluated the business's technical and organizational threats.
Prepare Report
Next, we documented our findings in a transparent report, ranked in order of priority.
Share Recommendations
Finally, we presented the report to the client and shared our recommendations for moving forward.
OUR STRATEGY
Analyze all aspects of organizational security
Our comprehensive risk assessments evaluated all facets of the organization’s security to give the client in-depth insights regarding focus areas and resolution efforts.
Sensitive Information Flow Mapping
We outlined how sensitive information is shared between systems and users, then determined ways to better secure those practices for safe data handling.
Organizational Risk Assessment
With this assessment, the client shared their perception of organizational risk levels before we performed our assessment. Then, we compared the two to see perceived vs. actual threats.
Internal/External Vulnerability Assessments
We conducted testing to uncover ways the client’s external-facing and internal-facing systems were susceptible to potential data breaches or cyber attacks.
Directory Services Vulnerability Assessment and Path to Admin Testing
Our team identified how pathways could potentially be exploited by bad actors or internal users to gain access to the client’s systems and data.
Documentation Assessment
We reviewed the client’s security policies and procedures to ensure documentation aligned with actual processes and recommended standards.
Office 365 Assessment
To discover potential risks in the client’s Office 365 environment, we assessed controls and user access levels and highlighted areas of concern.
Network Device Configuration Assessment
We examined the configuration of the organization’s network equipment, both for its function (correct equipment and correct task) and for the security controls surrounding its implementation.
NIST CSF Maturity Assessment
By evaluating the client’s current posture against an existing framework, we could measure the organization’s maturity objectively.
THE RESULTS
Clearly defined areas of improvement
With our help, the client understood weaknesses in their current control activities and learned steps to take to mitigate them.
Transparent Recommendations
Originally, the client had limited knowledge about their organization’s security gaps; by the end of the process, they knew exactly where they stood.
Prioritized Remediation Strategy
With a strong understanding of primary security focus areas, the client’s staff recognized which items to take action on first.
Continual Advancement
Our assessments gave the client an in-depth foundation of knowledge and paved the way for them to continually refine their security posture in the future.
MOVING FORWARD
Increased understanding of security challenges
Now, the client recognizes the security areas that need closer attention and can take steps to resolve them.