Cyber Resilience Program
A top tier US Bank was concerned that their Cyber Resilience capabilities for Response and Recoverability of their critical LOB services were insufficient to meet the increasing risks of Cyber Security exploits considering Ransomware, Malware, Denial of Service, Software Vulnerabilities, Supply Chain Compromise, and Insider Threat scenarios. The client required a holistic view on the recovery and resilience profile of 500+ individual business applications and dial-tone technology services supporting their critical lines of business, and a repeatable set of Cyber Resiliency Assessment, Disaster Recovery Testing and Training capabilities.
Synechron provided a small team of consultants across the US and UK with combined deep infrastructure, application architecture, DevSecOps, security architecture and enterprise risk management experience to design the applicable controls, assessment framework, data model, and execution approach. We used our Application Risk Assessment framework, combined with the bank’s Technology Control Framework, NIST 800-53, and industry Better Practices across Architecture & Operations. The result was a complete methodology for executing full-or-partial Cyber Resiliency assessments with targeted control statements, validation criteria, and evidence-driven assessments designed to minimize impact on application owners.
Cyber Resiliency assessments were ran over a 6 month period, scaling to 500+ application assessments and their employed IT infrastructure platforms. A small team of experienced assessors worked across each Line of Business, leveraging existing documentation, evidence and artifacts collected across the organizational CMDB, SDLC Tollgates (Permit to Build, Permit to Operate), ITSM, CI/CD Tools, and their existing BCDR documentation and exercises. Application profiles were built in advance to provide a ‘low-touch’ assessment that avoided unnecessary disruption of application development teams, enabling a target goal of <15 minutes for the use of each individual application owners’ time.
Each assessment was data warehoused for analysis and correlation of themes, root causes, and gaps in control implementation that could be visualized by senior leadership and effectively prioritized with investment constraints.
Additionally, a roadmap of improvement on existing DR exercises, tabletops and training was developed, emphasizing the modern implications and effects of Cyber Scenarios, lateral movement, and data theft.
How we’ve helped our clients achieve their transformation goals for other large-scale, global programs