Financial Services

You know protecting your customers’ important information is paramount when doing business. That’s why the financial services industry has as many customer security regulations as it does. This can seem like a burden at times, or perhaps even a source of anxiety. You may sometimes wonder if you’ve done all you can to be compliant. The great news is you don’t have to worry any longer.

In fact, we’re so certain you’ll be protected that we guarantee if there is ever an audit that finds a deficiency with a service we’ve been contracted to provide, we’ll fix the problem AND refund one month’s service.

PCSentry helps you demonstrate compliance with the following Federal Financial Institutions Examination Council (FFIEC) requirements:

  • Security Monitoring—The use of various methodologies to gain assurance that risks are appropriately assessed and mitigated (FFIEC IS page 4)
  • Gather data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements (FFIEC IS page 9)
  • Financial institutions should develop a strategy that defines control objectives and establishes an implementation plan including layered controls that establish multiple control points between threats and organization assets (FFIEC IS page 17)
  • Host hardening, including patch application and security-minded configurations of the operating system (OS), browsers, and other network-aware software (FFIEC IS page 60)
  • Host IPS, including anti-virus, anti-spyware, and anti-rootkit software (FFIEC IS page 60)
  • Software support should incorporate a process to update and patch operating system and application software for new vulnerabilities.  Frequently, security vulnerabilities are discovered in operating systems and other software after deployment. Vendors often issue software patches to correct those vulnerabilities.  Financial institutions should have an effective monitoring process to identify new vulnerabilities in their hardware and software (FFIEC IS page 68)
  • Logging and monitoring user or program access to sensitive resources and alerting on security events (FFIEC IS page 46)
  • Monitoring network and host activity to identify policy violations and anomalous behavior (FFIEC IS page 81)
  • Monitoring host and network condition to identify unauthorized configuration and other conditions which increase the risk of intrusion or other security events (FFIEC IS page 81)
  • Scanning for technical vulnerabilities (FFIEC IS page 87)
  • Financial institutions should continuously gather and analyze information regarding new threats and vulnerabilities, actual attacks on the institution or others, and the effectiveness of the existing security controls (FFIEC IS page 95)
  • Establish an effective process that monitors for vulnerabilities in hardware and software and establishes a process to install and test security patches (FFIEC IS page 96)
  • Maintaining up-to-date anti-virus definitions and intrusion detection attack definitions (FFIEC IS page 96)
  • Inventory of all computing hardware (FFIEC OP page 6)
  • Inventory of all computing software (operating systems, applications, and back office and environmental applications) [FFIEC OP page 6]
  • Use performance monitoring to provide an assessment of IT operations efficiency relative to controls (FFIEC OP page 38)