Cybersecurity Services

Ascendant Cybersecurity Services

Ascendant offers a comprehensive suite of Cybersecurity services designed to proactively discover vulnerability areas, strengthen your firm’s defenses and help you sleep better at night. With our expertise in financial services and a constant focus on the evolving regulatory landscape, we can implement security safeguards that help protect important client data while ensuring that compliance remains a source of strength for your firm.

Our service packages offer several levels of options: Bronze, Silver, Gold and Platinum, allowing you to customize a plan to fit your needs and budget.

Our Services

Cybersecurity Preparedness Package

  • Policy Checklist
  • Model Cybersecurity Policies
  • Network Vulnerability Scan (Once annually)
  • Monthly Cybersecurity Alerts and Content Access
  • Location: Remote

Cybersecurity Gap Analysis Package

  • Policy Checklist
  • Detailed Policy Gap Analysis and Ascendant™ Assurance verification
  • Custom Cybersecurity Policies
  • Network Vulnerability Scan (Semi-annually, quarterly or monthly)
  • Monthly Cybersecurity Alerts and Content Access
  • IT Governance Review
  • Location: Remote

Cybersecurity IT Risk Assessment Package (ITRA)

  • Policy Checklist
  • Detailed Policy Gap Analysis and Ascendant™ Assurance verification
  • Custom Cybersecurity Policies
  • Network Vulnerability Scan (Monthly)
  • Monthly Cybersecurity Alerts and Content Access
  • Onsite Interviews and Testing
  • Physical Premises Security Reviews
  • IT Governance Review
  • Patch Management Assessment
  • IT Consulting (4 hours)
  • Location: On site

Strategic Cybersecurity Package (NIST Framework Implementation)

  • Detailed Policy Gap Analysis and Ascendant™ Assurance verification
  • Custom Cybersecurity Policies
  • Network Vulnerability Scan (Monthly)
  • Monthly Cybersecurity Alerts and Content Access
  • Onsite Interviews and Testing
  • Physical Premises Security Reviews
  • IT Governance Review
  • IT Consulting (10 hours)
  • Location: On site
  • Network Vulnerability Scan (Included)
  • IT Consulting: Personalized review of Penetration Test Results
  • Location: Remote
IT Risk Assessment

The first step in establishing a solid compliance program is a Risk Assessment of your IT system. Ascendant engages in a collaborative approach to reviewing and improving your existing IT program, cybersecurity, and information practices, and empowering you with the information necessary to implement reasonable controls. We will visit on site and examine a series of key factors including:

  • Information Technology Assessment In Relation To the SEC/FINRA’s Enterprise Risk Management Guidance – We will examine your governance structure; the relationship among compliance, management and IT; IT requirements in relation to your business objectives; IT risks and mitigation and control; IT effectiveness in the context of investment adviser statutes, regulations and best practices; and more.
  • Information Technology and Due Diligence Examination and Testing – Substantive areas include physical premises security; employee safety; access controls relating to premises, networks, devices, and applications; firewall protections; technology standards; wire transfer fraud controls; business continuity plans; disaster recovery plans; and more.
  • Information Technology Planning – We’ll make recommendations for your company’s IT future related to enterprise architecture; management and CCO responsibility; other advisory firm management responsibilities; policies and procedures, and more.
  • NIST Cybersecurity Framework Understanding and Adoption – We will inform you concerning government and agency adoption of new voluntary standards and best practices with respect to cybersecurity. Based upon assessment and review of your IT profile and business practices, we will advise you on the implementation of such standards.
NIST Framework Assessment

In February 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which directed the National Institute of Standards and Technology to work with stakeholders to develop a voluntary framework for reducing cyber risks. Since then, the SEC issued a blueprint for protecting investors and the capital markets, incorporating the NIST framework as part of its efforts.

While the framework is considered “voluntary,” both the SEC and FINRA are leveraging it as their method of reviewing firms. With the regulators of the industry so reliant upon it, adoption is clearly advantageous for businesses in illustrating their commitment to protecting client data and instilling investor confidence.

Ascendant can fully implement the NIST Framework for standardizing communication in your Risk Management process and expand it as necessary across multiple entities and businesses.

Vulnerability Scanning

The SEC has explicitly mentioned firm assessment of system vulnerabilities and responsive remediation efforts as a focus of its examiners in the months to come, so a vulnerability scan is not only a great way to illustrate your compliance culture, it’s also a key safety mechanism.

The most common breaches are ones that exploit vulnerabilities for which a fix exists. A network vulnerability scan looks at your network the way that a burglar would look at the homes in a neighborhood, trying various doors and windows to see which are open, or which may be unlocked and allow someone to enter. The scanning can provide valuable information regarding the holes in your network along with the corresponding risk classification.

It is an affordable way for firms of all sizes to assess risk, especially important given the SEC’s admission that small and midsize businesses are the principal targets of cybercrime.

Network vulnerability scanning is done on your external-facing network, and we furnish you with a report highlighting the vulnerabilities we identified as well as suggested remediation.

Penetration Testing

While vulnerability scanning is a light-touch test that checks for open windows and unlocked doors, a penetration test goes a step further, sliding into those unsecured spaces and through the system as a cybercriminal would to better understand the magnitude of business and operational risk posed by each specific vulnerability.

The comprehensiveness of the test provides the truest assessment of points of weakness and areas requiring immediate attention, offering firms the best opportunity at safeguarding assets, information and reputation.

Ascendant offers two types of penetration testing: (1) External Penetration Testing (EPT), and (2) Web Application Penetration Testing (WAPT). While the former tests your network and its connected systems, the latter examines specific web applications you are using to store firm and client data – typically those with a username/password login and a database backend.

Pen testing is done remotely, with specialists starting from the same vantage point as anyone trying to exploit your systems. At the conclusion of the process, firms are issued a report identifying discovered vulnerabilities and a detailed corrective action plan to address those items.

One-Off Engagements

Ascendant ITRA can assist with specific elements of your firm’s technology program. A partial list of our services includes:

  • Technology Audit of your firm’s IT Control Objectives based upon ISACA® standards.
  • Governance and the Alignment of IT Strategy with Business Objectives
  • Privacy and Information Security and the Sensible Use of Encryption
  • Business Continuity Management
  • Internal Processes such as Enterprise Architecture, Network Security, Authorization and Access, System Maintenance, Penetration Testing, Product Development, Change Management
  • Mobile Device and Social Media Management
  • Incident Response and Management, Developing Policies and Practices for ID Theft/Breach
  • Outsource Processes including Third-Party Vendor Due Diligence, Service Level Agreements, and Cloud-Based Services
  • Employee/Staff Policies and Procedures, Onboarding and Off-boarding
  • Training focused on Information Security, Awareness, Reporting/Escalation and Social Engineering

Ascendant has the ability and expertise to customize a plan to fit your needs, budget and timeline.

We have experts with Certified Information Systems Auditor (CISA®), Certified Information Security Manager (CISM®), and Certified in Risk and Information Systems Control (CRISC™) designations, hands-on experience and an extensive understanding of the regulatory environment. Our team also includes Compliance Consultants, System Integrators, Software Architects, and Developers, ensuring a full 360-degree view of the challenges faced by the compliance universe, as well as its most current solutions.

Certified Information Systems Auditor (CISA®) is the gold standard certification for IT Audit and Assurance programs. Certification has been established since 1978 and is one of the few designations formally approved by the US Department of Defense. In 2009, SC Magazine named the CISA® designation winner of the Best Professional Certification Program.

Certified Information Security Manager (CISM®), also a DOD-approved designation, denotes individuals certified for practical implementation, design, build, and management of enterprise security programs.

Certified in Risk and Information Systems Control (CRISC™) is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

Whatever your needs, Ascendant will work with you to make compliance a source of strength.

Please call 1-860-435-2255 for more information.
