Our client a commercial bank had outdated policies and procedures that didn’t address cyber risk management. The policies didn’t address the latest sophistication in technological advances that made information security threat easier. There were no clear policies documented which led to ambiguity on what to consider while integrating an external solution into bank models. This could result in additional costs at a later stage to remediate vulnerabilities and potentially expose confidential data. Additionally, undefined policies and procedures would undermine their position legally if any action is required to be taken to resolve a data breach

Our Solution:

We helped define policies and procedures for cyber risk management including planning around deliverable such as response planning, monitoring mechanism for risk based cybersecurity program as well as guidelines on usage of social media communications to avoid cyber attacks. The policies were created by engaging all stakeholders to ensure that they are clearly understandable by them and could be incorporated into projects and strategic plans. The frequency of updating these policies was also set up to stay ahead of the most recent updates