Before it found the right security assessment tool, Plantation Federal Bank, Pawleys Island, S.C., had a security dilemma shared by many: an ill-defined sense of its exposures and the potential to over-spend on data and system safeguards.
Yet examiners and customers are unsparing in wanting certainty regarding hacks, breaches, or other data security issues. Unwilling to continue to build a security program without a better sense of its existing strengths and vulnerabilities, the bank at first attempted its own profiling exercise.
"We were using a spreadsheet to try to create our own risk assessment tool," recalls Chief Information Officer Elise Anderson. "It was cumbersome." As indicated by the Federal Financial Institutions Examination Council's Guidelines, a given risk assessment requires that digital assets be identified and valued first. After an analysis of protections in place, a ranking comes from a comparison of exposure and system value. The resulting information should be used to develop mitigation strategies.
Milford, Conn.-based Perimeter, a managed security firm (www.perimeterusa.com), provided a handy fix. Its Risk Profiler lets users point and click through a series of system options, checking off what is currently deployed to create an organization profile depicting protected IT assets. …