The bank faced fragmented security practices across key platforms: SWIFT, eBanking, network perimeter, SIEM, and development lifecycle. Critical gaps existed in governance, staffing, secure SDLC, data classification, and incident handling, with inconsistent visibility across endpoints and applications. Leadership needed a clear, structured assessment to understand maturity gaps and prioritize remediation across technology, processes, and organizational governance.
1. Stream-by-Stream Assessment Across 13 Domains
Evaluated SWIFT, eBanking, perimeter security, SIEM integration, SIEM use cases, secure SDLC, design review, organizational structure, risk management, endpoint security, MDM, governance framework, incident handling, data classification, and other operational issues.
2. Technical & Architectural Reviews
Reviewed critical environments (SWIFT, eBanking, perimeter firewalls) and identified high-risk architectural and operational weaknesses.
3. Governance, Risk & Compliance Evaluation
Identified structural gaps in reporting lines and risk methodology, as well as a lack of ISO 27001/27002 maturity mapping and Statement of Applicability (SoA) alignment.
4. SOC / SIEM Analysis
Reviewed log source integration, dashboard coverage, business use cases, and endpoint visibility gaps.
5. Secure SDLC & Application Security Assessment
Found no secure SDLC in place, missing documentation, AppScan left unused, and reliance on third-party developers.
6. Remediation Planning & Prioritization
Created detailed action plans per domain covering staffing, architecture redesign, SIEM uplift, governance improvements, SDLC fixes, and data protection controls.