Why read this report
The core purpose of Bank Negara Malaysia (the central bank) was to help Malaysian financial institutions establish the frameworks, policies, and procedures needed to manage their cyber exposure. The plan was to provide banks with guidance on how their IT security ought to be strengthened.
This report focuses on the client, a leading bank in Malaysia with over 60 branches serving the banking needs of corporate, commercial, and institutional clients, which wanted to make sure it was compliant with the central bank's mandatory guidelines, policies, and procedures.
Key takeaways:
- Conduct a risk framework to identify the risks in the bank's technology environment.
- Prevent security incidents or service outages that could disrupt business activities within the bank and its branches across different regions of the country.
- Adhere to industry-level best practices that help secure the bank's infrastructure and prevent attackers from gaining access to the bank's database systems.
- Ensure that, in the future, the bank can withstand, respond to, and recover from a data breach.
- Conceptualize and design a blueprint that defines the security structure of the bank.
CASE STUDY
ONE STEP TO STAYING SAFE – A LEADING BANK REFURBISHES AND AMENDS EXISTING CYBERSECURITY POLICIES
Situation
The intention of the Risk Management in Technology (RMiT) policy published by Bank Negara was to formalize the development of consistent risk management programs across all Malaysian financial institutions. To ensure compliance with the central bank's mandatory cybersecurity guidelines, the client engaged EC-Council Global Services to carry out a gap assessment and meet these challenges.
Any financial institution's core focus is data security. The issue the client faced was that it lacked documentation of risks from its different stakeholders. Given these factors, the entire engagement had to be completed by our security experts in six weeks to ensure the business continuity of the bank.
Services delivered
Our team of security consultants worked around the clock, including on non-business days, to meet this stringent timeline. The consultants conducted a gap analysis, ethically assessing the customer's IT infrastructure and security vulnerabilities, and produced a set of deliverables specifically for the bank:
- Gap analysis of people, process, and technology with reference to the RMiT guidelines, with detailed reports on the bank's current posture.
- A roadmap with timelines for the bank to follow to comply with the guidelines set by Bank Negara.
- Technology Risk Management Framework according to the requirements of RMiT.
- Cyber Resilience Framework aligned with the requirements of RMiT.
- Enterprise Architecture Framework aligned with the requirements of RMiT.
- Cybersecurity Strategy aligned with the Business and IT Strategy.
Solution
Through due diligence and a customer-value mindset, EC-Council was able to deliver the services within the given timeframe. The compliance report submitted contained a comprehensive analysis of each individual risk covered, followed by a remediation plan with timelines.
Detailed recommendations were provided to the bank on ways to improve:
- The recommendations were divided into two plans: tactical recommendations for immediate implementation, and long-term strategic suggestions for improvement, to be implemented within the timelines defined by the organization according to its risk capacity.
- In the risk register, risks were categorized into low, medium, and critical brackets. The client was provided with detailed and comprehensive remediation procedures and solutions to implement for each.
Results
Committee members of the central bank accepted the report, and the customer was deemed compliant with the mandatory regulatory guidelines. After the suggested solutions were applied, the post-evaluation results found the customer's security risk status to be stable and its infrastructure in compliance with the industry's best practices and standards.
Engage with EGS: Gain greater confidence in your cybersecurity decisions by working with EC-Council Global Services' thought leaders to apply our solutions to your specific business and technology initiatives.
Posture Assessment Survey
An independent expert assessment of the current state of your information security environment, conducted against global standards and leading industry practices to measure the overall cybersecurity maturity of your organization.
FREE Phishing Simulation
To assess your organization's human-error vulnerabilities, take OhPhish's FREE subscription to run simulated phishing attacks and get a detailed, actionable report.
Vulnerability Assessment & Penetration Testing (VAPT)
EGS offers a broad range of network infrastructure, web application, and mobile application security assessment services designed to detect and gauge security vulnerabilities. Take the FREE VAPT for up to 10 external IPs, worth USD 5000, and get a customized report.
Related Research Documents/Links
BeyondTrust – https://www.beyondtrust.com/blog/entry/achieving-compliance-with-malaysia-risk-management-in-technology-rmit