Skip to Main Content Skip to Footer

CASE STUDY

Identifying security improvements through risk assessments

Miles IT helps a financial services organization assess risk levels and current control activities to determine the next steps for security enhancements.

 
Financial services

MEET THE CLIENT

Financial services organization

As part of the finance industry, the client recognized the criticality of improving cyber security.
 

When they reached out looking for help, they were entirely new to Miles IT; this meant we had little background information regarding their environment at the beginning of the engagement.

PRIMARY GOALS

Recognize gaps in organizational security

Understanding the significance of powerful security measures, the client reached out to our team for help identifying and prioritizing areas of advancement.

Identify Security Shortcomings

The client thought their security posture could be better but wasn’t sure where to begin or which areas to focus on.

scales icon

Prioritize Key Areas of Improvement

Understanding and ranking primary focus areas was essential so the client could effectively plan remediation actions.

shield icon

Strengthen Organizational Security Posture

Overall, the client’s goal was to use the results of our engagements to gain tangible steps for enhancing control activities.

OUR PROVEN PROCESS

Thorough risk assessments & ranked results

To gain a clear picture of the client’s security posture, our team, led by our Director of Compliance and Risk Management and Compliance Analyst, performed a variety of in-depth risk assessments.

lightbulb icon

Define Scope

We begin each assessment by determining the scope of the engagement to keep all parties in alignment regarding testing mechanisms and results.

manufacturing gears icon

Perform Risk Assessments

After clarifying the scope, we conducted a series of risk assessments that evaluated the business’ technical and organizational threats.

pie graph reporting icon

Prepare Report

Next, we documented our findings in a transparent report, ranked in order of priority.

thumbs up icon

Share Recommendations

Finally, we presented the report to the client and shared our recommendations for moving forward.

OUR STRATEGY

Analyze all aspects of organizational security

Our comprehensive risk assessments evaluated all facets of the organization’s security to give the client in-depth insights regarding focus areas and resolution efforts.

web design icon

Sensitive Information Flow Mapping

We outlined how sensitive information is shared between systems & users, then determined ways to better secure those practices for safe data handling.

manufacturing gears icon

Organizational Risk Assessment

With this assessment, the client shared their perception of organizational risk levels before we performed our assessment. Then, we compared the two to see perceived vs. actual threats.

science icon

Internal/External Vulnerability Assessments

We conducted testing to uncover ways the client’s external-facing and internal-facing systems were susceptible to potential data breaches or cyber attacks.

crm icon

Directory Services Vulnerability Assessment and Path to Admin Testing

Our team identified how pathways could potentially be exploited by bad actors or internal users to gain access to the client’s systems and data.

open book icon

Documentation Assessment

We reviewed the client’s security policies and procedures to ensure documentation aligned with actual processes and recommended standards.

pie graph reporting icon

Office 365 Assessment

To discover potential risks in the client’s Office 365 environment, we assessed controls and user access levels and highlighted areas of concern.

wireless network connectivity icon

Network Device Configuration Assessment

We examined the configuration of the organization’s network equipment, both for its function (correct equipment and correct task) and the security controls surrounding its implementation.

padlock icon

NIST CSF Maturity Assessment

By evaluating the client’s current posture against an existing framework, we could measure the organization’s maturity objectively.

THE RESULTS

Clearly defined areas of improvement

With our help, the client understood weaknesses in their current control activities and learned steps to take to mitigate them.

Transparent Recommendations

Originally, the client had limited knowledge about their organization’s security gaps; by the end of the process, they knew exactly where they stood.

Prioritized Remediation Strategy

With a strong understanding of primary security focus areas, the client’s staff recognized which items to take action on first.

Continual Advancement

Our assessments gave the client an in-depth foundation of knowledge and paved the way for them to continually refine their security posture in the future.

MOVING FORWARD

Increased understanding of security challenges

Now, the client recognizes the security areas that need closer attention and can take steps to resolve them.
 

Looking for a security posture assessment or another type of risk assessment for your organization? Contact us to learn how you can improve control activities.