Ascendant offers a comprehensive suite of Cybersecurity services designed to proactively discover vulnerability areas, strengthen your firm’s defenses and help you sleep better at night. With our expertise in financial services and a constant focus on the evolving regulatory landscape, we can implement security safeguards that help protect important client data while ensuring that compliance remains a source of strength for your firm.

Our service packages offer several levels of options: Bronze, Silver, Gold and Platinum, allowing you to customize a plan to fit your needs and budget.

Our Services

Bronze Package: Cybersecurity Preparedness Package

  • Policy Checklist
  • Model Cybersecurity Policies
  • Network Vulnerability Scan (Once annually)
  • Monthly Cybersecurity Alerts and Content Access
  • Location: Remote

Silver Package: Cybersecurity Gap Analysis Package

  • Policy Checklist
  • Detailed Policy Gap Analysis and Ascendant™ Assurance verification
  • Custom Cybersecurity Policies
  • Network Vulnerability Scan (Semi-annually, quarterly or monthly)
  • Monthly Cybersecurity Alerts and Content Access
  • IT Governance Review
  • Location: Remote

Gold Package: Cybersecurity IT Risk Assessment Package (ITRA)

  • Policy Checklist
  • Detailed Policy Gap Analysis and Ascendant™ Assurance verification
  • Custom Cybersecurity Policies
  • Network Vulnerability Scan (Monthly)
  • Monthly Cybersecurity Alerts and Content Access
  • Onsite Interviews and Testing
  • Physical Premises Security Reviews
  • IT Governance Review
  • Patch Management Assessment
  • IT Consulting (4 hours)
  • Location: On site

Platinum Package: Strategic Cybersecurity Package (NIST Framework Implementation)

  • Detailed Policy Gap Analysis and Ascendant™ Assurance verification
  • Custom Cybersecurity Policies
  • Network Vulnerability Scan (Monthly)
  • Monthly Cybersecurity Alerts and Content Access
  • Onsite Interviews and Testing
  • Physical Premises Security Reviews
  • IT Governance Review
  • IT Consulting (10 hours)
  • Location: On site
  • Network Vulnerability Scan (Included)
  • IT Consulting: Personalized review of Penetration Test Results
  • Location: Remote

More Information


IT Risk Assessment
The first step in establishing a solid compliance program is a Risk Assessment of your IT system. Ascendant engages in a collaborative approach to reviewing and improving your existing IT program, cybersecurity, and information practices, and empowering you with the information necessary to implement reasonable controls. We will visit on site and examine a series of key factors including:

  • Information Technology Assessment In Relation To the SEC/FINRA’s Enterprise Risk Management Guidance – We will examine your governance structure; the relationship among compliance, management and IT; IT requirements in relation to your business objectives; IT risks and mitigation and control; IT effectiveness in the context of investment adviser statutes, regulations and best practices; and more.
  • Information Technology and Due Diligence Examination and Testing – Substantive areas include physical premises security; employee safety; access controls relating to premises, networks, devices, and applications; firewall protections; technology standards; wire transfer fraud controls; business continuity plans; disaster recovery plans; and more.
  • Information Technology Planning – We’ll make recommendations for your company’s IT future related to enterprise architecture; management and CCO responsibility; other advisory firm management responsibilities; policies and procedures, and more.
  • NIST Cybersecurity Framework Understanding and Adoption – We will inform you concerning government and agency adoption of new voluntary standards and best practices with respect to cybersecurity. Based upon assessment and review of your IT profile and business practices, we will advise you on the implementation of such standards.

NIST Framework Assessment
In February 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which directed the National Institute of Standards and Technology to work with stakeholders to develop a voluntary framework for reducing cyber risks. Since then, the SEC issued a blueprint for protecting investors and the capital markets, incorporating the NIST framework as part of its efforts.

While the framework is considered “voluntary,” both the SEC and FINRA are leveraging it as their method of reviewing firms. With the regulators of the industry so reliant upon it, adoption is clearly advantageous for businesses in illustrating their commitment to protecting client data and instilling investor confidence.

Ascendant can fully implement the NIST Framework for standardizing communication in your Risk Management process and expand it as necessary across multiple entities and businesses.

Vulnerability Scanning
The SEC has explicitly mentioned firm assessment of system vulnerabilities and responsive remediation efforts as a focus of its examiners in the months to come, so a vulnerability scan is not only a great way to illustrate your compliance culture, it’s also a key safety mechanism.

The most common breaches are ones that exploit vulnerabilities for which a fix exists. A network vulnerability scan looks at your network the way that a burglar would look at the homes in a neighborhood, trying various doors and windows to see which are open, or which may be unlocked and allow someone to enter. The scanning can provide valuable information regarding the holes in your network along with the corresponding risk classification.

It is an affordable way for firms of all sizes to assess risk, especially important given the SEC’s admission that small and midsize businesses are the principal targets of cybercrime.

Network vulnerability scanning is done on your external-facing network, and we furnish you with a report highlighting the vulnerabilities we identified as well as suggested remediation.

Penetration Testing
While vulnerability scanning is a light-touch test that checks for open windows and unlocked doors, a penetration test goes a step further, sliding into those unsecured spaces and through the system as a cybercriminal would to better understand the magnitude of business and operational risk posed by each specific vulnerability.

The comprehensiveness of the test provides the truest assessment of points of weakness and areas requiring immediate attention, offering firms the best opportunity at safeguarding assets, information and reputation.

Ascendant offers two types of penetration testing: (1) External Penetration Testing (EPT), and (2) Web Application Penetration Testing (WAPT). While the former tests your network and its connected systems, the latter examines specific web applications you are using to store firm and client data – typically those with a username/password login and a database backend.

Pen testing is done remotely, with specialists starting from the same vantage point as anyone trying to exploit your systems. At the conclusion of the process, firms are issued a report identifying discovered vulnerabilities and a detailed corrective action plan to address those items.

Cybersecurity Policies and Procedures
Ascendant creates tailored, risk-based policies and procedures for firms, designed to address the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) and covering the following areas to the extent applicable to the Company’s operations:

  • Information Security
  • Data Governance and Classification
  • Asset Inventory and Device Management
  • Access Controls and Identity Management
  • Business Continuity and Disaster Recovery Planning and Resources
  • Systems Operations and Availability Concerns
  • Systems and Network Security
  • Systems and Network Monitoring
  • Systems and Application Development and Quality Assurance
  • Physical Security and Environmental Controls
  • Customer Data Privacy
  • Vendor and Third-Party Service Provider Management
  • Risk Assessment
  • Incident Response

One-Off Engagements
Ascendant ITRA can assist with specific elements of your firm’s technology program. A partial list of our services includes:

  • Technology Audit of your firm’s IT Control Objectives based upon ISACA® standards.
  • Governance and the Alignment of IT Strategy with Business Objectives
  • Privacy and Information Security and the Sensible Use of Encryption
  • Business Continuity Management
  • Internal Processes such as Enterprise Architecture, Network Security, Authorization and Access, System Maintenance, Penetration Testing, Product Development, Change Management
  • Mobile Device and Social Media Management
  • Incident Response and Management, Developing Policies and Practices for ID Theft/Breach
  • Outsource Processes including Third-Party Vendor Due Diligence, Service Level Agreements, and Cloud-Based Services
  • Employee/Staff Policies and Procedures, Onboarding and Off-boarding
  • Training focused on Information Security, Awareness, Reporting/Escalation and Social Engineering

Ascendant has the ability and expertise to customize a plan to fit your needs, budget and timeline.

We have experts with Certified Information Systems Auditor (CISA®), Certified Information Security Manager (CISM®), and Certified in Risk and Information Systems Control (CRISC™) designations, hands-on experience and an extensive understanding of the regulatory environment. Our team also includes Compliance Consultants, System Integrators, Software Architects, and Developers, ensuring a full 360-degree view of the challenges faced by the compliance universe, as well as its most current solutions.

Certified Information Systems Auditor (CISA®) is the gold standard certification for IT Audit and Assurance programs. Certification has been established since 1978 and is one of the few designations formally approved by the US Department of Defense. In 2009, SC Magazine named the CISA® designation winner of the Best Professional Certification Program.

Certified Information Security Manager (CISM®), also a DOD-approved designation, denotes individuals certified for practical implementation, design, build, and management of enterprise security programs.

Certified in Risk and Information Systems Control (CRISC™) is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.
