Policy

RCG leads the industry in many areas of Cyber Policy, including NIST, BCP, PCI, and GLBA. With certifications in CBCP, CISSP, CEH, CISA, CISM, and PCI and an average of more than 10 years of industry experience, our team can assist financial institutions with their cybersecurity needs.

Assessment

RCG provides assessment services to help financial institutions assess their cybersecurity posture and determine where protections may be insufficient. Our experience with financial institutions and our in-depth technical expertise prepare us to understand the technical posture and the business imperatives affecting your institution. Our assessment service portfolio was constructed to address the issues most relevant to credit unions and community banks. In addition to the service packages below, we offer custom engagements to meet an institution’s unique needs.

Project Management

If you are undertaking a complex, long-term project to address security risks and enhance your security posture, then you are aware of the challenges of keeping the effort on track. Specialized skills are needed to coordinate multiple vendors completing highly technical tasks. A strong understanding of information security, combined with robust project management skills, is needed to be successful. The RCG team offers these skills as a supplement to your team. Our experts can ensure the project succeeds while your team takes care of immediate business needs.

Policy & Procedure Services

Strong policies are the foundation of a high-performance cybersecurity approach. Our team is skilled in developing policies and procedures tailored to meet the needs of small to medium-sized financial institutions. We work with the client to fill gaps in their security program and supporting policy documentation. We develop recommended program elements and policies based on industry best practices. Drawing on our FI background, we tailor recommendations to the client’s specific scale, risk exposure, and technological base.

Incident Response Planning

Let us help you develop or refine your Incident Response Plan. Our team specializes in tailoring industry best practices to meet each financial institution’s unique needs. We can help you optimize your response plan’s effectiveness while ensuring it is cost-effective to implement.

Internal Audit Review

Many internal audit departments struggle with how to most effectively audit information technology functions. The expertise needed to audit IT is much more like that of an IT professional than it is a typical auditor. Being able to tap outside expertise to validate the audit plan for IS & IT and help target audit resources to the high-impact areas will result in more cost-effective audit resource use. Our team has years of experience in focusing technology audit efforts. Through our structured review service, we can help your team become more effective.

Internal Audit Risk Process Assessment

Determining the likelihood of an event and its potential impact is part science and part art. Getting it right is crucial to focusing limited audit resources on the highest risk areas. Our team has valuable lessons to share from optimizing audit risk analysis. Our review service can ensure you are getting the best bang for your IT audit buck.

Security Program Review

Through the Security Program Review service, RCG reviews the FI’s current Security Program documentation for completeness and for sufficiency. We identify suboptimal areas within the program and make recommendations to resolve the weaknesses. We provide best practice recommendations to assist in strengthening program weaknesses. Our findings report details weak or missing areas within the program and recommends updates/upgrades to the security program.

BCP Assessment

Our CBCP certified team members are trained and experienced in BCP plan construction. Through this service, we work with your team to review your current plan, identify gaps and areas of weakness, and recommend appropriate industry resolutions. In the case of a disaster, our service ensures that your BCP is complete and efficiently executable.

Cybersecurity Risk Assessment

Regularly assessing your cybersecurity posture, then working to close any gaps identified, is key to maintaining a secure environment in an evolving world. Our team of experts can quickly assess your information assets and your current posture, identify risks/vulnerabilities, and assess your practices against NCUA and FFIEC requirements.

Security Audit

Our security experts come to you to review your security controls. They review your documentation and technology-driven control records. They perform structured interviews of key personnel and a review of physical locations and physical security. The full review touches on: authentication and access controls, encryption, network security, data security, host security, equipment protections, vendor oversight, application security, personnel security, and security monitoring. The findings report documents deficiencies and weaknesses in the control methods, as well as those controls that meet industry best practices.

Penetration Testing

Financial institution regulations require regular independent testing of external accesses to networks. Industry best practices recommend using multiple independent assessors to get the most complete perspective on your security posture. The RCG team employs state-of-the-art penetration tools and techniques to ensure a comprehensive assessment. We provide penetration testing services for External, Internal, and Web. Consider us your second source for penetration testing.

Application Security Analysis & Testing Services

Customized application security is one of the biggest potential risk areas for a financial institution. Ensuring that code is free of vulnerabilities is still an emerging science. Our team brings years of experience and patented technology developed through Defense-focused efforts. We can efficiently analyze your custom code, determine where risks lie, and recommend appropriate resolutions that your team can quickly implement. If you are using custom developed applications in your environment, let us provide you with the confidence that those applications are secure.

Vulnerability Scanning

Regulatory requirements including PCI, GLBA, and Sarbanes-Oxley require financial institutions to certify that their members’ information is secure from outside threats. Risks or vulnerabilities may be introduced each time an FI adds new hardware, changes network configuration, installs new software or performs major upgrades. RCG’s Vulnerability Scanning service supports securing the FI’s infrastructure and application systems. The service includes performing vulnerability scans of public IP addresses, internal IP addresses, and operating systems for potential errors in security setup, misconfigurations, known software vulnerabilities, and out-of-date patching, as well as addressing regulatory compliance.

CAT Assessment

Have you completed the CAT, but are unsure of its accuracy, what it is telling you, and how you compare to the industry? Let our experts perform a quick review of the methodology and results. We’ll ensure your team’s methodology followed industry norms and provide greater insight into the implications of the risk and maturity findings.

CAT Completion

Is your team challenged with the complexity of completing the CAT self-assessment? Time-challenged to complete more than 800 questions in the self-assessment? RCG’s CAT completion service can help. Through this service, our consultants will work with your team to quickly and accurately complete the CAT. Working with you, we’ll establish your Risk and Maturity states. Our moderated process ensures quick and consistent CAT completion with results that align with industry norms.

Project Management & Oversight

If you are undertaking a complex, long-term project to address security risks and enhance your security posture, then you are aware of the challenges of keeping the effort on track. Specialized skills are needed to coordinate multiple vendors completing highly technical tasks. A strong understanding of information security, combined with robust project management skills, is needed to be successful. The RCG team offers these skills as a supplement to your team. Our experts can ensure the project succeeds while your team takes care of immediate business needs.