Security audits may seem to come around quickly in our fast-moving cyber world. A consistent consequence of your regular audit is that it is a nerve-wracking experience for someone on the team.
Ideally, you will have a consultation team that does not just write you a detailed report but, rather, remains accessible to you through the process. One that lets you know what flags are raised and what looks solid.
As cyber-insurance rates continue to skyrocket, companies are working tirelessly to avoid being the next Ashley Madison. Reputations fall with security breaches and not just breaches of dating sites. When working in the financial and health care sectors, the regulatory landscape is vast and constantly evolving. As a result, clients choose teams with solid track records in their industry when such an important audit comes up.
A Security Audit for our Client
An investment bank approached SoHo with a request for a full security audit. The specification included:
- Understanding the security posture to identify areas of improvement
- Amending the security strategy and program in light of the assessment
The review entailed a full assessment of the security team’s capabilities, organizational structure, and job descriptions. It also required a full review and revision of governance documentation to ensure that all policies, procedures, standards, and guidelines aligned with the recommended security strategy.
As a result of the review cycle, SoHo created a comprehensive security strategy and implementation plan. This included recommended improvements needed to reduce risk and secure the enterprise.
The plan provided clear gap analyses identifying where the organization’s security aligned with best practice and made recommendations for improvements where they did not. Such improvements touched upon system build processes. Specifically, SoHo implemented a strategy to enable new systems to be spun up outside of the production network. This ensured that all intranet-accessible devices were fully patched and scanned before deployment.
Recommendations were also made concerning certain administrative processes. The report included a prioritized risk response executive summary action plan addressing such issues.
As a result of the security audit and implementation response to it, the client has a robust IT infrastructure and security policies. With best-in-class Identity and Access Management (IAM) for all intranet access and a secure physical perimeter, including those edge devices used by employees, SoHo’s client saw:
- A significant reduction in the cost of resetting passwords
- Improved resource provisioning
- Improved de-provisioning rate
A Security Audit Saves Time
SoHo’s’ client is free to focus time and resources on their investments and reputation, rather than concerning themselves over IT compliance requirements.