The CEO and executive management asked Elliott Davis to help answer: “Would you help us identify areas of potential vulnerability within our systems?”

Context

  • A fintech company that makes philanthropy as easy as online banking
  • Needed to identify vulnerabilities and to ensure, on an ongoing basis, that their web application and payment system cyber controls were consistently working
  • Wanted an expert review and analysis of their current Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP)

Our Approach

Penetration Testing:

  • Performed a web application penetration test of the payment system
  • Analyzed the web frontend infrastructure for any configuration issues
  • Completed detailed testing of the application using custom tools, scripts, and methodology
  • Attempted to compromise the backend database and systems

DRP/BCP Analysis:

  • Reviewed org charts, recovery plan structure, coordinator list, impact analysis, risk assessment, and training program
  • Reviewed critical DRP/BCP vendor contracts and attestation reports
  • Delivered a report of observations and a full-scale simulation test

Customer Results

  • Received a report of security vulnerabilities and recommendations to improve overall security
  • Penetration testing identified what an attacker could do in the ‘real world’
  • Developed an understanding of current cyber risks associated with cyber-attacks, data breaches, and other internal and external threats
  • Amended the previous DRP/BCP to confirm corrective controls are in place to protect the business

We Can Help

For more information on this and other topics, contact a member of our team.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.