CEO and executive management asked Elliott Davis to help answer: “Would you help us identify areas of potential vulnerability within our systems?”
Context
- A fintech company that makes philanthropy as easy as online banking
- Needed to identify vulnerabilities and confirm, on an ongoing basis, that the cyber controls for their web application and payment system were consistently working
- Wanted an expert review and analysis of their current Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP)
Our Approach
Penetration Testing:
- Performed web application penetration test of payment system
- Analyzed the web frontend infrastructure for any configuration issues
- Completed detailed testing of application using custom tools, scripts, and methodology
- Attempted to compromise backend database and systems
DRP/BCP Analysis:
- Reviewed org charts, recovery plan structure, coordinator list, impact analysis, risk assessment, and training program
- Reviewed critical DRP/BCP vendor contracts and attestation reports
- Delivered report of observations and full-scale simulation test
Customer Results
- Received report of security vulnerabilities and recommendations to improve overall security
- Penetration testing identified what an attacker could do in the ‘real world’
- Developed understanding of current cyber risks associated with cyber-attacks, data breaches, and other internal and external threats
- Amended previous DRP/BCP to confirm corrective controls are in place to protect the business