home
about us
products & services
news events
case studies
case study 1 - 2 - 3 - 4 - 5 - 6
resources
contact us
* *
case study previous case studynext case study

International Bank - Internet banking security consultancy & testing

client
The client is the European Division of one of the world's largest retail banks.

client requirement and business drivers
As part of their European development strategy the bank had an objective to establish a state of the art Internet Banking System. At the earliest stages of the project, security assurance was naturally identified as a critical element.

The main business drivers were:

enabling
  • compliance with FSA and other international regulations demanded effective and demonstrable levels of security
  • a high level of confidence had to be established within the business, to ensure that the go head for the project to go live was achieved to meet tight business driven timescales
  • the success of investment in such on-line services required high levels of customer confidence to be established and maintained through the secure launch and ongoing operation of this service
risk reduction
  • recognition of the potential high level of financial exposure to the bank and its customers from inadequate security
  • recognition of the potentially disastrous impact on brand and reputation that would arise from any security related incident

Recognising the importance of the right specialist expertise, together with the need for objectivity and independence commissum was engaged to meet the business and technical security related objectives of the project within tight timescales set by the business.

commissum services provided
  • selected, focused e-Security design and analysis for the UK group Internet-facing infrastructure;
  • pre-launch application security testing of the integrated solution comprising bespoke and off-the-shelf elements;
  • network penetration testing; and
  • security analysis of critical back-end systems and infrastructure.

With launch dates being identified as business critical by the bank, commissum completed all work within planned timescales by adopting characteristic flexibility with respect to changing priorities, and difficult working hours, to accommodate the requirements of the business.

Working closely with the client on a day-to-day basis, major issues were immediately communicated to the client as and when they were identified, and factored into the project prior to a successful launch.

Of note was the fact that commissum highlighted vulnerabilities in the off-the-shelf application at the heart of the Internet Banking System, which was already in use in deployments around the world; this resulted in immediate action by the 3rd party supplier of this application.

commissum continues to provide e-Security services to the bank as a trusted security partner, with other activities including application testing of internal banking management systems, advice on changes to internal processes, forensic services for incident investigation, and support to specialist security products.

   
site map

slash

 terms & conditions © 2001-2008, commissum