Industry: Financial Services
Service: Professional Services
Location: North America
Organization Type: Private
Employees: 501-1,000
Dedicated IT Staff: 5
Needs And Requirements:
This financial institution offers a full array of loan, deposit, and online banking products, including mortgages and wealth management. Explosive growth through acquisitions had altered its security program, which was initially immature, and audit focused. Facing compliance requirements from various financial regulatory bodies, the bank required external support to streamline these efforts. The EVP/CIO sought a comprehensive security program that exceeded mere compliance.
Main Challenges:
Compliance with Regulatory Requirements: This institution required support to comply with necessary regulations.
Complex and Interconnected Technology Infrastructure: Following rapid growth, the bank’s complex infrastructure necessiated comprehensive assessments.
Evolving and Sophisticated Threat Landscape: The broader threat landscape was becoming more complex, demanding sophisticated response mechanisms.
Solution:
Architecture Security: Hitachi Cyber conducted an in-depth assessment of the bank’s information security architecture to develop security disciplines, strategy, services, and a roadmap. Collaborating with Hitachi Cyber, the bank designed an architecture addressing vulnerabilities in their corporate information assets. Our Senior consultants recommended the Sherwood Applied Business Security Architecture (SABSA) methodology, allowing integration and removal of various cybersecurity control frameworks and best practices to meet compliance needs. This engagement included regulations and guidelines such as the Gramm-Leach-Bliley Act (GLBA), the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook, FFIEC Cybersecurity Assessment General Observations, and the Payment Card Industry (PCI) Data Security Standard.
Outcomes:
Under Hitachi Cyber’s guidance, the Bank significantly enhanced control over external and internal audits by harmonizing compliance regulations. They streamlined compliance efforts by normalizing controls required by multiple laws and regulations, improved their overall security posture, and established a robust security architecture when acquiring new banks. This approach ensured consistency and efficiency across the organization, facilitating management and addressing vulnerabilities associated with corporate information assets that support their business operations.
Next Steps:
Moving forward, the bank will continue collaborating with Hitachi Cyber to meet regulatory compliance requirements. They will seek our expert guidance and apply Security Architecture to future acquisitions, ensuring a significantly improved security posture.
