Case Study: At a Glance
Challenges:
Testing of security posture to ensure that customers' information was protected
Results:
Collaboration between NCC Group and the organization ensured fully-integrated cyber security knowledge and provided greater visibility of potential vulnerabilities.
Services Rendered:
Cyber Security Review (CSR)
Situation
NCC Group worked with a large international financial services organization with an extensive portfolio of digital offerings, ranging from customer-facing banking-related applications, commercially-oriented applications, and the exposure of financially related APIs to be consumed by third parties. Challenges included:
- Given the high value of the information on which the applications operate, the client required the integration of security testing at various points within a rapidly moving development lifecycle.
- A breach in any of the applications would likely attract significant regulatory fines and reputational damage to the client.
- NCC Group provided the necessary expertise at the optimum parts of the development processes to provide high-value assurance activities on critical applications.
Task
The client engaged NCC Group to conduct Cyber Security Reviews (CSR) of all their regions leveraging the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF). NCC Group stood up a global team that was centrally managed but staffed locally to align regional culture and language requirements. Planning and client communications were handled centrally to ensure NCC Group consultants functioned as a cohesive voice.
Action Items
Consultants from NCC Group were integrated into the development lifecycle of the applications, providing consultation to the different teams at various points.
- Reviewed design patterns and architectural collateral
- Assessed the implementation followed by making the implementation less clear to identify potential vulnerabilities
- Consulted with developers to ensure security requirements were captured and documented
- Provided security assurance and penetration testing on new and existing assets
- Helped client understand security implications on legacy or pre-existing solutions
Results
NCC Group integrated our deep cyber security expertise into the client's development teams and processes to accelerate cyber security knowledge rapidly. As a result, the client gained greater visibility of security-related vulnerabilities and issues at an earlier stage of the development process, making remediation more effective and reducing the overall risk to the organization's brand and clients. NCC Group worked collaboratively with the client to provide the necessary skills and expertise to significantly reduce the client's risk.
Download this case study or learn more about Cyber Security Review.
Doing research on CSR? Download this case study, read more about CSR, or reach out to a cyber security expert to see how CSR could work for your business.