Security Auditing and Compliance
Security auditing is one of the requirements of the legal and regulatory framework to which a bank is subject, whether that framework derives from international standards, such as PCI DSS, or from local directives, such as the Bank of Greece Directive 2577. On this basis, each bank must comply with specific procedures, such as Security Policy definition, periodic security audits, Risk Assessment, Data Classification, Penetration Tests, security incident reporting, and many others.
All procedures related to a specific security standard require many resources: specialized human resources as well as solutions. As a result, these procedures are only partially implemented and, in the end, not used in practice. At the same time, the Bank's management is poorly informed about all of the above and is therefore not always in a position to prioritize projects related to IT. All of the above usually has legal and financial implications for the Bank, carries a high level of risk, and also reduces the institution’s credibility.
Security Audit, Risk Assessment, Security Policy Implementation, Security Awareness Program, Log and Event Management.