FP Technology

Expertise includes the following:

  • Network architecture development for the protection of information including network segmentation to isolate sensitive data, inclusion of a DMZ(s) where appropriate and the placement of security components such as firewalls, IDS/IPS and web application firewalls

  • Network component configuration analysis including firewalls, routers and switches for best practice security hardening

  • Authorization analysis and review for multi-factor authentication

  • Access Control List analysis and review for systems and software to ensure appropriate rights and privileges

  • Analysis and review of encryption methodologies and techniques for sensitive data both in storage and in transit

  • Analysis and review of secure software development techniques and practices

  • Management of security testing and analysis and review of reports from vulnerability scanning, penetration testing, password cracking, VMware audits and Active Directory audits

  • Analysis and review of the implementation and process for security monitoring including audit trails and logs for network, applications and databases

  • Development and deployment of IT Policies and Procedures including Written Information Security Program (WISP), individual security policies, detailed procedures, forms and standards

  • Physical security analysis and review of premises where sensitive data is stored both electronically and physically

  • Analysis and review of Third Party Service relationships and agreements to ensure appropriate information security certifications and controls are in place including SSAE 16 SOC 1 and SOC 2, and PCI DSS / PA DSS

  • Development and implementation of Business Impact Analysis and Business Continuity / Disaster Recovery Plan including training, testing and maintenance of plan

  • Development and delivery of security awareness training both in person and via webinars

  • Mapping of regulatory security requirements for multiple vertical markets to best practice security and IT frameworks such as ISO, NIST and CoBiT® to implement processes and controls and meet regulatory requirements

  • Performance of PCI DSS 2.0 and 3.0 Reports on Compliance (ROC), Risk Assessments, and completion of Self-Assessment Questionnaires (SAQ). The PCI DSS is a highly detailed and prescriptive set of security requirements to protect payment card data being processed, transmitted and stored

  • IT security risk assessment and audit planning and execution for banks on multiyear contracts as the outsourced IT Audit Department. Detail and Executive Audit reports developed and presented to Senior Management, the Audit Committee, and the Board of Directors several times per year

  • Development and implementation of IT Governance Program with the objective of aligning business and IT regarding strategy, policies, priorities and processes

  • Performance of IT readiness for SSAE 16 SOC 2 reports based on the five (5) Trust Service Principles in conjunction with CPA firms

  • Speaking engagements at trade shows for financial institutions including Jack Henry and Fiserv on IT security topics and regulations including Corporate Account Takeover (CATO), Social Networking Security, and Business Continuity Planning
