Business Requirement
The scope of the work included an IT hardware and cloud risk assessment for a credit union, to comply with risk requirements, including the NCUA requirements, and NIST / ISO adoption. It covered the following areas of review:
- IS Policy and Procedure existence of controls is ISMS and
- R&R and SOD
- Server
- Printer
- Laptop & Desktop
- Oracle Cloud Infrastructure
- ATM and Cash Recycler
- CCTV
- Hot site physical and environmental security
- Email and Data encryption
Key Finding
- Risk register template adherence challenges
- Inherent and residual risk scoring with threat actors identification
- Controls and Adherence to security processes and log review/rule set review for firewalls
- Endpoint protection issues
- Cloud administration and user management issues
- Compartmentalization issues in cloud
- Google Workspace challenges with MFA and retention
- Risk library was reviewed for applicable risks
- Inventory mapping for process, data, evidence, documents and artifacts
- VAPT report review
- Gap analysis and risk identification
- Mapping of existing controls and effectiveness review
- Enabled risk library with domain & technology risks
Business Benefit and Result
- Improved Design of controls and operating effectiveness
- Risk library with inherent and residual risks
- Risk scoring and enablement of management action
- Proactive risk management and controls definition
- CAPA definition and roll out