Cyber Resilience Program
Cyber Resilience Program
Cyber Resilience Program
A top tier US Bank was concerned that their Cyber Resilience capabilities for Response and Recoverability of their critical LOB services were insufficient to meet the increasing risks of Cyber Security exploits considering Ransomware, Malware, Denial of Service, Software Vulnerabilities, Supply Chain Compromise, and Insider Threat scenarios. The client required a holistic view on the recovery and resilience profile of 500+ individual business applications and dial-tone technology services supporting their critical lines of business, and a repeatable set of Cyber Resiliency Assessment, Disaster Recovery Testing and Training capabilities.
How Citihub Helped
Citihub provided a small team of consultants across the US and UK with combined deep infrastructure, application architecture, DevSecOps, security architecture and enterprise risk management experience to design the applicable controls, assessment framework, data model, and execution approach. We used our Application Risk Assessment framework, combined with the bank’s Technology Control Framework, NIST 800-53, and industry Better Practices across Architecture & Operations. The result was a complete methodology for executing full-or-partial Cyber Resiliency assessments with targeted control statements, validation criteria, and evidence-driven assessments designed to minimize impact on application owners.
Cyber Resiliency assessments were ran over a 6 month period, scaling to 500+ application assessments and their employed IT infrastructure platforms. A small team of experienced assessors worked across each Line of Business, leveraging existing documentation, evidence and artifacts collected across the organizational CMDB, SDLC Tollgates (Permit to Build, Permit to Operate), ITSM, CI/CD Tools, and their existing BCDR documentation and exercises. Application profiles were built in advance to provide a ‘low-touch’ assessment that avoided unnecessary disruption of application development teams, enabling a target goal of <15 minutes for the use of each individual application owners’ time.
Each assessment was data warehoused for analysis and correlation of themes, root causes, and gaps in control implementation that could be visualized by senior leadership and effectively prioritized with investment constraints.
Additionally a roadmap of improvement on existing DR exercises, tabletops and training was developed, emphasizing the modern implications and effects of Cyber Scenarios, lateral movement, and data theft.
- A repeatable framework and factory approach was built that could scale a 100+ cyber resiliency control statement assessment to 500+ critical business applications within the required timeframe
- Analytic tooling was built that could cover evidence-driven assessments for Cyber Resiliency and be adapted to other Risk Assessments
- Education and acceptance across Business Continuity and Disaster Recovery leadership around key enhancements needed to bridge the gap from traditional Disaster Recovery to recovery from Cyber Exploits
- Enhancements to existing Technology Control framework, Architectural Standards, and Backup and Recovery strategy to accommodate for improved Recoverability from Cyber attacks
- A prioritized list of actionable gaps and recommendations across IT service provider teams and Application owners, netted against existing organizational improvement programs
Related Case Studies
Cloud Secrets Management Solution
A top 3 US Bank asked Citihub to implement HashiCorp Vault to provide a centralized secrets management solution for their very ...
FT Names Citihub Digital as one of 2021’s Leading Management Consultants
“We’re thankful to be recognized for the 4th successive year for our leadership in financial ser...
Calling all CIOs and CISOs: 9 Ways to Improve Cyber Resiliency and Recovery Capabilities in 2022
2022 will be a litmus test for just how much progress has been made in the enormously complex and he...
Paul Jones Promoted to Technical Director
Citihub is delighted to announce the immediate promotion of Paul Jones to Technical Director, a role...
Latino, American & Breaking Stereotypes
13 years after he migrated from Cuba, Luis is now one of Citihub Digital’s Associate Partners. In ...
Bringing Order to Complex Gitlab Workflows with Dynamic Child Pipelines
In this Medium article, Senior Consultant Mark Cooke describes how Citihub created a deployment proc...
Getting Hybrid Return-to-Office Models Right
As organizations publish their plans for a return to the workplace, the failure of early policy impl...
Trading in the Cloud
The great cloud migration is well underway, but only the most forward-thinking financial institution...
Securing your Software Supply Chain with in-toto
In this Medium article, Associate Partner Paul Jones builds a case on why we need to have a “frame...
In the press
FINOS and EDM Council Partner to Develop First Open Source Suite for Accelerating Cloud Compliance for Financial Services
"As leaders in the financial service industry, Synechron and its subsidiary Citihub Digital are extr...