FCI Cyber Safeguard Evidencing and Scanning
Regular evidencing and scanning is a best practice for maintaining a secure digital ecosystem. For some firms, such as those regulated by the SEC, FINRA, and NYDFS, testing is required annually to assess the effectiveness of the covered entity’s cybersecurity program.
Vulnerability Scanning across a firm’s network and environment (conducted via automated scanning tools) and Penetration Testing (an authorized simulated cyberattack on a firm’s computer system) assess cyber safeguards and overall security posture. Vulnerabilities and potential security flaws are discovered, documented, and reported on with remediation recommendations.
Vulnerability Scanning and Penetration Testing are not enough, however. How many systems do you have that host private data? How many networks do you have? Who is managing those networks? How many servers do you have? Are you using an e-mail system like Microsoft 365? Do you use Active Directory?
If you answer yes to any of these questions, your firm needs more than external scanning to evidence that systems and software are properly hardened. For example, best practice dictates that an admin should routinely change passwords and that Multi-factor Authentication (MFA) should be used to securely access systems. Can you be certain that your systems are managed securely?
FCI covers the full scope of hardening configuration evidencing via live screen share with a firm’s administrator to review security configurations. Findings validate hardened security settings and provide detailed recommendations for remediation to improve cybersecurity.
For more information about Cyber Safeguard Evidencing and Scanning, please visit: https://fcicyber.com/cyber-safeguard-scanning-and-evidencing/
1 year: FCI on top of everything.