InfoRisk - IT Security:

In Banking and Financial Services IT security is extremely important and which has to be considered as part of all activities.

We have considerable experience in this area. A typical project involves helping a customer achieve security certification, such as PCI / DSS level 1 for online credit card processing.

We can advise on security practices and implement changes to applications or develop new applications, where appropriate, to ensure compliance with recognised standards. We can help up to the point of working with your security auditors to ensure that you achieve compliance on the first attempt.

IT security affects all aspects of the business, including the database, the front end design and business processes and practice. We can work in all these areas, for example ensuring the database schema design meets the appropriate encryption standards in the appropriate places. We can also ensure the application is coded in the appropriate way and that any graphical user interface is protected from attacks.

Employee training is normally mandated as part of a security standard, such as PCI / DSS. This is usually required for all staff, including IT people and other users; although the training required in each case varies by job role. We have a range of courses, which we have provided to existing customers and which can be tailored for your needs.

Although we are not auditors, we have experience with various IT security auditing companies and we can make recommendations, of auditors, if required.