Information Security
InfoSec services in line with financial industry standards and regulatory standards
Cloud Security
Review and assess the cloud security strategies, policies, and technology associated with different cloud models (IaaS, PaaS, AaaS)
ITGC Technology Services
Risk-free technology services
TechRisk 2LOD
2 LoD risk management and compliance functions. These functions provide infrastructure and platform services and cyber risk services to successfully assess, manage, monitor and mitigate risks
3 LOD Audit Function
TechRisk and cyber security audit services to comply with the firm's rules, global regulation, industry frameworks, and standards.
Third Party Risk Management
Third-party risk management, Vendor management, Supply chain management, and outsourced risk assessments
SOC 1 & 2
SOC 2 Type I and SOC 2 Type II Review and Report
SOC 2 Type I is a point-in-time report, and it only covers a specific day. This report answers the question of how secure your environment is today and what your present security posture is.
SOC 2 Type II is an audit review over time, often covering a period of no more than a year. There’s no minimum or maximum SOC 2 Type II audit period that needs to be covered.
Regulatory Reviews
Assess the compliance with various regulations, including but not limited to:
New York Department of Financial Services (NYDFS)
California Consumer Privacy Act (CCPA)
Gramm-Leach-Bliley Act (GLBA)
Regulation P (Privacy of Consumer Financial Information) & Regulation S-P (Privacy of Consumer Financial Information - SEC)
Federal Deposit Insurance Corporation (FDIC)
National Futures Association (NFA)
Securities and Exchange Commission (SEC)
General Data Protection Regulation (GDPR)
Hong Kong Monetary Authority (HKMA)
Cybersecurity Law of the People's Republic of China
Sarbanes-Oxley Act Section 404 (SOX 404)
Monetary Authority of Singapore (MAS)
Health Insurance Portability and Accountability Act (HIPAA)
CORE INFRASTRUCTURE SECURITY
Assess the effectiveness of different core infrastructure security components, including but not limited to:
Compliance & Policy Enforcements
Network Security
Core Technical Infrastructure IAM Security
Physical and Data Center Security
End Point and Desktop Security
Data Security
Hardening and Configuration
Logging and Monitoring