Financial Services

Large financial institutions have been under attack by cyber criminals for years and, with their well-staffed information security teams, have been able to hold their own, but not without some significant losses. Credit unions and small banks, however, are increasingly becoming targets of the cyber crook and, without the dedicated security teams of the big banks, are highly susceptible to a data breach.

If you represent a small bank or credit union that has a single IT person or contractor who installs software, manages systems, sets up users, installs security patches and secures the network while also being the employee help desk, Risk Based Security has a solution for you.

Small Banks and Credit Unions

In response to sections 501 and 505(b) of the Gramm-Leach-Bliley Act, which require agencies to establish standards for financial institutions relating to administrative, technical, and physical safeguards for customer records and information, the following government agencies, under the coordination of the Federal Financial Institutions Examination Council (FFIEC), issued guidelines establishing standards for safeguarding customer/member information.

  • National Credit Union Administration – 12 CFR Part 748 Appendix A
  • Federal Reserve System – 12 CFR Part 208 Appendix D-2
  • Federal Deposit Insurance Corporation – 12 CFR Part 364 Appendix B
  • Office of the Comptroller of the Currency – 12 CFR Part 30 Appendix B
  • Office of Thrift Supervision – 12 CFR Part 57 Appendix B

Mandatory compliance with the appropriate guidelines to ensure the security and confidentiality of member records and information, protect against any anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any member has been in place for the various financial institutions since 2001.

If your organization falls under the jurisdiction of one of the agencies above, contact Risk Based Security to review the solutions specifically designed for you.



Benefits of Risk Based Security’s Approach

Cyber Risk Analytics

Cyber Risk Analytics offers access to a data breach database containing industry-specific details on threat vectors and vulnerabilities. The database is easily accessible through analytical tools and dashboards designed to support risk analysis and to identify security risks by industry, giving organizations the power to identify the true risks to their most valuable assets.

Security Intelligence Reports

Security Intelligence Reports offers organizations a quarterly report that highlights the global trends in information security incidents along with lessons learned and recommendations. A subscription to Security Intelligence Reports provides organizations with a glimpse into the most current information security breaches and the potential impact on their operation.


YOURCISO is aimed at helping organizations that do not have security resources on staff by providing access to security intelligence and the right expertise on an as-needed basis, delivered through a SaaS model. All services are fulfilled by an experienced security professional with the objective of assisting organizations with the planning and management of their information security and risk management programs.

Risk Assessment

Risk assessment is the foundation for building a comprehensive Information Security Program that adequately protects the confidentiality, integrity and availability of an organization’s information assets. Risk Based Security employs a standard assessment methodology and approach based on the guidelines in ISO/IEC 27001:2005, ISO 31000:2009 and NIST SP 800-30 to ensure a consistent and high value result.

Security Policies

Documented security policies are the very foundation of an organization’s security program. Employees need to understand management’s expectations with regard to information security in order to have any chance of doing the right things. Risk Based Security’s “Policy Toolkits” provide easy-to-customize policy documents appropriate for organizations ranging from the small business looking for the bare minimum policies and procedures to the mature organization seeking certification to ISO/IEC 27001:2005.


One of the best ways to reduce the risk to an organization’s information assets is to institute company-wide security-awareness training. Our training initiatives include links to security awareness website(s) and security awareness, risk assessment and ISO/IEC 27001 presentations.

Network Vulnerability Assessments

The overall objective of a Vulnerability Assessment is to scan, investigate, analyze and report on the level of risk associated with any vulnerabilities discovered on public, internet-facing devices and to provide your organization with appropriate mitigation strategies. The Risk Based Security Vulnerability Assessment methodology has been designed to comprehensively identify, classify and analyze known vulnerabilities in order to recommend the right mitigation actions.

Incident Response

Everything we do is focused on helping organizations avoid a security incident. However, in today’s environment every organization needs to be prepared to deal with a data breach. Each client organization will have access to incident response planning documents as well as a security advisor for a 30-minute consultation in case of a breach.

ISO/IEC 27001

Risk Based Security provides customized training, security assessments, security program audits and gap analysis as well as pre-certification consulting services to both protect organizations with best practice security controls and to prepare them for a smooth ISO/IEC 27001:2005 certification audit.

Call 855-RBS-RISK or email [email protected] to see how we can help you become fully compliant.