information assurance for online banking
commissum provided a range of specialist independent assurance services to the project, meeting tight business-critical milestones with characteristic flexibility.
The client is the European Division of one of the world’s largest retail banks.
Requirement & Business Drivers
As part of its European development strategy, the bank had an objective to establish a new state-of-the-art Internet Banking System. At the earliest stages of the project, security assurance was naturally identified as a critical element.
The main business drivers were:
- compliance with FSA and other international regulations demanded effective and demonstrable levels of security
- a high level of confidence had to be established within the business, to ensure that authorisation for the project to go live was achieved to meet tight business driven timescales
- the success of investment in such on-line services required high levels of customer confidence to be established and maintained through the secure launch and ongoing operation of this service
- recognition of the potential high level of financial exposure to the bank and its customers from inadequate security
- recognition of the potentially disastrous impact on brand and reputation that would arise from any security related incident
Recognising the importance of the right specialist expertise, together with the need for objectivity and independence, the bank engaged commissum to meet the business and technical information security objectives of the Internet Banking project within tight timescales set by the business.
The services were delivered in the following areas during the course of the project:
- selected, focused security design and analysis for the UK group Internet-facing infrastructure;
- pre-launch application security testing of the integrated solution comprising bespoke and commercial off-the-shelf elements;
- pre and post go-live network penetration testing; and
- security analysis of critical back-end systems and infrastructure and advice on lock-down.
With launch dates identified as business-critical by the bank, commissum completed all work within planned timescales, adapting with characteristic flexibility to changing priorities and difficult working hours to accommodate the requirements of the business.
Adopting a collaborative approach, commissum worked closely with the client on a day-to-day basis. Major issues were communicated to the client as soon as they were identified, and recommended corrective action was factored into the project on an ongoing basis, with commissum support, prior to a successful launch.
Of note was the fact that commissum highlighted vulnerabilities in a commercial off-the-shelf application at the heart of the Internet Banking System. The application was already in use in numerous deployments around the world, and the findings resulted in immediate action by its third-party supplier.
commissum continues to provide specialist assurance services to the bank as a trusted security partner, with other activities including application testing of internal banking management systems, advice on changes to internal processes, forensic services for incident investigation, and support to specialist security products.
"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum.”
Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank
"We have been impressed with the overall quality of the service from commissum. The thorough, detailed and yet clear report we received was first class. We continue to use commissum and are happy to recommend them to others.”
Mr Brian S, IT Systems & Communications Director, Investment Management Services
"Professional and courteous service provided throughout the entire process. Excellent communication with commissum and nothing was ever too much trouble. Would recommend without hesitation.”
Mr Kevin L, Technical Support Manager, National Building Society
"commissum carried out the project extremely well within tight deadlines…. All work was to a very high standard….. deliverables were appropriate for an audience from Board to IT. The consultants were extremely professional and very responsive to requirements. We are a particularly happy customer and have already recommended commissum to other businesses within our sector.”
Mr Michael S, IT Director, National Building Society