This large multinational bank needed to augment their internal testing capability with external expertise. They wanted a structured testing approach that complimented their compliance activities
This large multinational bank needed to augment their internal testing capability with external expertise. They wanted a structured testing approach that complimented their compliance activities
We reviewed the current approach to controls attestation and red teaming and identified clear segregation on process which meant that test findings weren’t being factored back into the control environment. We also needed to strengthen the threat intelligence flows to add more context
We sample tested the control attestations with physical evidence to validate control design and operational effectiveness. We reviewed the red team processes for work prioritisation, techniques and capability as well as the threat intelligence and risk functions
We delivered a comprehensive management report showing the current capability, approach and maturity as well as a list of recommended improvements to the full people/process/technology stack.
They now have a complete new security strategy in relation to Threat and Risk. They define their global security strategy as ‘Threat Led’. Being aware of the risks that present themselves based on their current control maturity and effectiveness enables them to prioritise internal resource and testing activity for maximum risk reduction. Cambridge Cyber Advisers are retained for assurance activity over the strategic security activities.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.