Services for Banks & Financial Institutions
Regulatory Compliance
Banks and financial institutions need to comply with a wide range of regulations and their complex cybersecurity requirements. ERMProtect provides expertise and turnkey guidance related to the following regulations and standards:
- Gramm-Leach-Bliley Act (GLBA)
- Fair and Accurate Credit Transactions Act (FACTA)
- FFIEC Cybersecurity Standards
- The NYDFS Cybersecurity Regulation (23 NYCRR 500)
- General Data Protection Regulation (GDPR)
- Bank Secrecy Act (BSA)
- Sarbanes-Oxley Act (SOX)
- Payment Card Industry Data Security Standard (PCI DSS)
- National Institute of Standards and Technology (NIST) Standards
- ISO 27001/2 Standards
From compliance gap analyses and tool-based reviews or audits against specific standards and regulations, to cybersecurity maturity assessments and framework implementations, ERMProtect can help you do it all.
Cybersecurity Risk Assessment
Our holistic approach to risk assessment means that its key components, such as asset identification and classification, threat identification and analysis, and safeguard identification and implementation, can be performed in a way that collectively addresses the requirements of multiple regulations rather than being repeated for each one.
Cybersecurity Program
A good cybersecurity program is the foundation of an organization's cybersecurity apparatus, and it is also a requirement under multiple regulations. ERMProtect can build one for you from scratch or help you improve the one you already have.
Cybersecurity Documentation
On top of your cybersecurity program, you need to build a robust core of policies and procedures that will be adhered to and enforced across your organization. Documenting a Business Continuity Plan (BCP) or Disaster Recovery Plan (DRP) would be your next step, followed by a Third-Party Vendor Oversight Program and a Cybersecurity Awareness and Training Program. ERMProtect can help you create cybersecurity documentation that aligns with industry-leading practices and reputable worldwide standards and that factors in your regulatory requirements.
Penetration Testing
We help you assess your cybersecurity defenses by performing ethical hacking tests against them. The real-world attack techniques we use give your infrastructure a proper dress rehearsal of an actual attack, minus the malicious intent. Our penetration tests cover every piece of technical infrastructure found in organizations today: networks, web applications, mobile devices, mobile applications, wireless networks, Bluetooth, IoT devices, and SCADA/ICS; in short, anything that connects to a network. And for the weakest link in cybersecurity, the people, we perform social engineering assessments covering phishing, vishing, pretexting, and many other scenarios.
Incident Response
An organization's information security capability is truly tested during hacker attacks and data breaches. Starting from the ground up with your Incident Response Plan, we help you set the foundation for what you will do in the face of an incident. We also help you test the plan, whether through tabletop exercises or through live Red, Blue, and Purple Team incident drills.
Incident Recovery
If you have experienced a data breach or are under attack right now as you read this, we can help. ERMProtect provides emergency incident response that helps organizations interrupt active, ongoing attacks. Our seasoned ethical hackers are well versed in quickly determining how and from where an attack originated, and in identifying and protecting the likely targets. Our incident response experts help you investigate data breaches: tracing the origin and root cause of the attack, evaluating the damage and impact, limiting their spread, and remediating the weaknesses that were exploited so as to minimize the risk of a future breach.
Our digital forensic examiners can assist with digital forensic investigations during or after an information security breach, during fraud investigations, or in cases requiring litigation support. They obtain, analyze, and preserve evidence under a formal chain of custody, using established evidence handling methods, so that the evidence is admissible in a court of law.
Cybersecurity Awareness Training
Closing the human gap is probably the most important step in protecting your organization from cyberthreats. A cyber-aware employee is an invaluable first line of defense against even the most determined hackers. ERMProtect's cybersecurity awareness training platforms and our face-to-face training programs help you achieve exactly that.
IT Audits
Information security encompasses technology, people, and processes, and IT audits are designed to review each of these elements in detail. At the people and process level, you want to ensure that operational, organizational, and procedural controls are in place and working as intended. At the technical level, the crux of the review is examining, as closely as possible, the actual configuration of every computer, device, and gadget in your technical infrastructure. ERMProtect's IT audits dive deep into all of these elements to ensure that information security is robustly built into your organization's technology, people, and processes.
Built With You in Mind
Expertise
We have worked with over 70 banks and financial institutions, giving us unmatched insight and expertise.
Experience
We have performed more than 40,000 assessments during our 25 years in business and achieved a 90 percent client retention rate.
Cost-Effective
We pride ourselves on delivering top-quality services at reasonable prices to help our clients operate safely in the credit card ecosystem.
Knowledge
We leverage our deep knowledge of data regulatory requirements across industries to help clients use their PCI assessments to meet other compliance requirements as well.
Simple. Fast.
We've been doing this a long time. We've simplified our processes to deliver results quicker than our competition.
Leadership
We are a boutique powered by former executives of Fortune 500 companies and Big Four consulting firms. We offer top-shelf consulting at a reasonable price.
Sample Cases
- A highly reputed bank, more than 120 years old and with assets of more than $55 billion, outsourced its entire information security function for its U.S. operations to ERMProtect. ERMProtect essentially handled its complete cybersecurity operations.
- A financial institution that was repeatedly failing compliance inspections by regulatory authorities sought ERMProtect's help. ERMProtect became part of its cybersecurity audit and compliance team and remediated all failing issues. The institution passed the very next follow-up inspection.
- Helped a bank save a significant share of its cybersecurity budget by implementing smarter compliance, in which crosswalks of controls from various regulations are combined and implemented with a collective approach.
- One of the largest banks in the Eurozone has relied on ERMProtect's expertise since the year we identified a critical flaw in its banking application that could have allowed unauthorized and unrestricted fund transfers.
- Several ERMProtect experts once split up and joined the Red, Blue, and Purple incident teams at a large bank where live hacking exercises and drills were conducted over several days. As a result, the bank's technical personnel learned attack and defense techniques from our team and saw a live demonstration of what to do, how, and when, while their bank is under attack.

