Case Study | May 26, 2021

FinTech and System Vulnerabilities


CEO and executive management asked Elliott Davis to help answer: “Would you help us identify areas of potential vulnerability within our systems?”

Context

  • A fintech company that makes philanthropy as easy as online banking
  • Needed to identify vulnerabilities and confirm, on an ongoing basis, that their web application and payment system cyber controls were working consistently
  • Wanted an expert review and analysis of their current Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP)

Our Approach

Penetration Testing:

  • Performed web application penetration test of payment system
  • Analyzed the web frontend infrastructure for any configuration issues
  • Completed detailed testing of application using custom tools, scripts, and methodology
  • Attempted to compromise backend database and systems

DRP/BCP Analysis:

  • Reviewed org charts, recovery plan structure, coordinator list, impact analysis, risk assessment, and training program
  • Reviewed critical DRP/BCP vendor contracts and attestation reports
  • Delivered report of observations and full-scale simulation test

Customer Results

  • Received report of security vulnerabilities and recommendations to improve overall security
  • Penetration testing identified what an attacker could do in the ‘real world’
  • Developed understanding of current cyber risks associated with cyber-attacks, data breaches, and other internal and external threats
  • Amended previous DRP/BCP plan to confirm corrective controls are in place to protect business

We Can Help

For more information on this and other topics, contact a member of our team.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.

“Elliott Davis” is the brand name under which Elliott Davis, LLC (doing business in North Carolina and D.C. as Elliott Davis, PLLC) and Elliott Davis Advisory, LLC and its subsidiary entities provide professional services. Elliott Davis, LLC and Elliott Davis Advisory, LLC and its subsidiary entities practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Elliott Davis, LLC is a licensed independent CPA firm that provides attest services to its customers. Elliott Davis Advisory, LLC and its subsidiary entities provide tax and business consulting services to their customers. Elliott Davis Advisory, LLC and its subsidiary entities are not licensed CPA firms. The entities falling under the Elliott Davis brand are each individual firms that are separate legal and independently owned entities and are not responsible or liable for the services and/or products provided by any other entity providing services and/or products under the Elliott Davis brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Elliott Davis, LLC and Elliott Davis Advisory, LLC.
