Case Study – High Street Bank

Background

Proactive Threat and Risk approach

Listen

This large multinational bank needed to augment its internal testing capability with external expertise. It wanted a structured testing approach that complemented its compliance activities.

Assess

We reviewed the current approach to controls attestation and red teaming and identified a clear segregation of process, which meant that test findings weren’t being factored back into the control environment. We also needed to strengthen the threat intelligence flows to add more context.

Test

We sample-tested the control attestations against physical evidence to validate control design and operational effectiveness. We reviewed the red team processes for work prioritisation, techniques and capability, as well as the threat intelligence and risk functions.

Recommend

We delivered a comprehensive management report showing the current capability, approach and maturity as well as a list of recommended improvements to the full people/process/technology stack.

They now have a complete new security strategy in relation to Threat and Risk. They define their global security strategy as ‘Threat Led’. Being aware of the risks that present themselves based on their current control maturity and effectiveness enables them to prioritise internal resource and testing activity for maximum risk reduction. Cambridge Cyber Advisers are retained for assurance activity over the strategic security activities.