Winning Over the Skeptics
A large financial institution sought our assistance with performing information security assessments of all the key financial applications across the company. Although conducting these assessments had originally been tasked to the organization's Information Security Department, an internal audit several years before had revealed that the department had not performed the assessments — nor had it fixed the problem in the intervening time.

This client called on SecureIT to design a process for performing application security assessments across the organization, and also to review more than 100 specific applications. This was an especially daunting task, because each of these applications had different owners, infrastructures, and security models. Through disciplined project management, effective communication with application owners, and an efficient strategy, we designed and executed this process even more quickly than planned.

By the conclusion of the engagement, resistance from certain application owners had given way to acceptance and even active support of the process. We performed the required security reviews within a compressed timeframe, and also developed a sustainable, documented process that the client could use going forward. Best of all, because we designed the process so that it could be brought back in-house by the Information Security Department, the total cost of ownership was significantly reduced.