STRENGTHENING YOUR CYBER PROGRAM
Strategies to Assess, Protect and Monitor
Managing cybersecurity risks is now considered part of a robust compliance program, yet many compliance professionals worry they do not understand the technical aspects enough to feel comfortable with their current program, or where to start developing one.
Federal regulations such as S-P, S-ID and Rule 206(4)-7 are quickly being accompanied by state regulations that also mandate sufficient Information Security policies and procedures are in place. States such as Massachusetts, California and most recently New York have enacted their own regulations dictating how firms need to secure their own information as well as that of their clients.
Ascendant can take that worry off your plate. We have designed a comprehensive cybersecurity package to help you manage these risks, while allowing you to focus on your core business.
- Understand your cybersecurity risks from both a regulatory and business/operational perspective
- Develop a robust Incident Response policy and test plan
- Test your staff with phishing and social engineering testing
- Implement the NIST Cybersecurity Framework as part of your cybersecurity strategy to have an understandable roadmap for discussion with senior management, compliance, and IT
- Assess the cybersecurity programs of other firms you are considering acquiring
- Penetration Testing
- Bring your cybersecurity policies and procedures up to industry best practices with a custom Information Security Policy manual created just for you
- Assess the adequacy of your patch management practices
- Train your staff on emerging threats with on-demand cybersecurity training and in-person cybersecurity training
- Prepare for a regulatory examination by assessing your ability to meet examiners’ expectations of controls, policies, and testing with our Cybersecurity Gap Analysis, designed to address the SEC’s OCIE Cybersecurity Examination Initiative
- Evaluate and document vendor due diligence
We offer training on our ACM platform, delivering training videos and attestations to your employees remotely.
For a more hands-on approach, Ascendant can send one of its Cybersecurity Specialists to train your employees on site.
Ascendant can create custom training solutions tailored to fit your firm’s needs. Whether you are looking to enhance training for one office or hundreds of branches, Ascendant has you covered.
1. Firm provides information security-related documentation to our secure ACM cloud portal.
2. Our ISACA-certified Information Security Consultants examine firm documentation using proprietary methodology and risk scoring.
3. A Gap Analysis report is provided documenting deficiencies with recommendations to assist in bridging gaps and bringing a firm’s Information Security Policy up to industry standard.
Ascendant can obtain assurances that vendors are providing secure services and not endangering firm data, providing policies to evidence this and procedures to help firms stay on top of due diligence.
With our ACM cloud technology, performing vendor due diligence is easy, secure and streamlined.
Many regulatory agencies such as the SEC, NY DFS and FINRA are requiring or expecting firms to perform regular vulnerability scans of their network. These scans give firms a picture of their network from an outsider’s perspective, with the idea of locking up their perimeters by limiting what information outsiders can observe. These scans can be verbose and confusing to those untrained in exploit identification; however, Ascendant can provide firms with reports containing executive summaries listing the issues in layman’s terms. In addition, we will walk through the identified vulnerabilities and remediation processes in plain English to ensure you walk away with an understanding of both the risks and the accompanying recommendations.
1. Using cloud-based scanners, the firm’s external network is examined for vulnerabilities.
2. A report is created identifying network vulnerabilities along with an executive summary of results.
3. In a call with you, Ascendant will discuss vulnerabilities identified and recommendations for remediation.
Firms feeling confident in the security of their network should test that security with a penetration test. A penetration test attempts to exploit security holes in a firm’s network through methods employed by hackers. These tests can be controlled, testing only certain aspects of a firm’s security, or given a wider scope that exercises the full capabilities of a firm’s security.
Detailed documentation will be provided at the end of the engagement containing exploitation methods used, vulnerabilities found and recommendations. Not only will a penetration test help improve network security but it will also demonstrate a firm’s commitment to security.
A trained white hat specialist will try to exploit vulnerabilities in a network to gain access, much in the same way a real hacker would.
A detailed report will be provided, listing how a network was breached and what a firm can do about it.
After an engagement, a walkthrough of the report can be done to help the firm further understand how to strengthen network security.
The latest and greatest in security technology has time and time again been shown to be ineffective against vulnerabilities stemming from human error. An employee may plug in an unknown USB stick, open an attachment in a phishing email or unknowingly disclose sensitive information. The realm of social engineering is giving hackers powerful non-technical methods of exploiting a firm’s security. It is a firm’s job to ensure that its employees and affiliates are properly trained to help detect, prevent and respond to social engineering.
This service comprises a phishing campaign targeting your employees. The testing involves several leading methods used over a predetermined amount of time, typically no less than a month. Over the course of the phishing campaign, data will be gathered to provide insight into employee behavior. The conclusions drawn will then be used to reinforce training and strengthen what is typically the weakest cyber link at every firm: people.
Spear phishing techniques to spoof emails can test employees’ security competency.
Detailed reports containing actions taken against emails, links clicked and attachments downloaded give management insight into employee behavior.
Additional phishing campaigns can be performed utilizing phone calls, USB devices or email-simulated exploitation.
AMONG THE CERTIFICATES HELD ARE:
Certified Information Systems Auditor is a globally recognized certification in the field of audit, control and security of information systems.
Certified Information Security Manager focuses on information risk management as the basis of information security.
Certified in Risk and Information Systems Control holders manage risk, design and oversee response measures, monitor systems for risk, and ensure the organization’s risk management strategies are met.
Further, our cybersecurity certifications supplement the industry knowledge our IT consultants have obtained through hands-on experience as systems integrators, software architects and developers, and IT project managers. Ascendant’s certified cybersecurity experts are frequently requested to speak at national conferences, and network with the FBI, CIA, technology vendors, law firms, and federal and state regulators to stay ahead of industry best practices and examination focus areas.
Ascendant’s IT team holds numerous industry-leading cybersecurity certifications.
Whatever your needs, Ascendant will work with you to make compliance a source of strength.
Please call 1-860-435-2255 for more information.