1 / 11

Information Security Risk Management Solutions

Information Security Risk Management Solutions. Encierro Solutions . Who are We?. Encierro is an Operations Risk Management software company for banks Encierro offers software modules for Information Security Risk Management Third Party Risk Management Business Continuity Planning.

kathy
Download Presentation

Information Security Risk Management Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security Risk Management Solutions Encierro Solutions

  2. Who are We? • Encierro is an Operations Risk Management software company for banks • Encierro offers software modules for • Information Security Risk Management • Third Party Risk Management • Business Continuity Planning

  3. What We Do • Encierro Solutions provides software and services appropriate for banks of various sizes • For small banks • Pre-scripted policies, procedures, and risk analysis for common bank assets • Cost effective approach • Easy to use • For mid-sized banks • Scalable, comprehensive, flexible system • Enterprise wide • Easy to use • Highly efficient and cost-effective

  4. Our Software – The Matador System • A formal risk management system that enables banks to: • Create risk assessment and risk mitigation plans utilizing pre-scripted policy and Information Security analysis of commonly found bank entities • Information Systems • Software/Hardware • Facilities/Physical Records • Service Providers • Implement a risk management program that is integrated into a bank’s operations • Meet the demanding requirements of the regulators, management, and customers • Demonstrate a MERIT worthy risk management system

  5. MERIT FIL-13-2004 February 4, 2004 MAXIMUM EFFICIENCY, RISK-FOCUSED, INSTITUTION TARGETED (MERIT) EXAMINATIONS TO: CHIEF EXECUTIVE OFFICER SUBJECT: Expanded Use of FDIC's Streamlined Examination Program Called "MERIT" - Maximum Efficiency, Risk-Focused, Institution Targeted Examinations The Federal Deposit Insurance Corporation (FDIC) has expanded the use of its streamlined examination program begun in April 2002.  The "MERIT" program - for Maximum Efficiency, Risk-Focused, Institution Targeted Examinations - applied to banks that met basic eligibility criteria, which included having total assets of $250 million or less and satisfactory regulatory ratings.  Under the expanded MERIT program, well-rated banks with total assets of $1 billion or less will now be eligible.  MERIT Examination Procedures During a MERIT examination, the examiners will use procedures that focus on determining the adequacy of an insured depository institution's internal control systems, and that focus on reviewing the internal and external audit programs.  Examiners will devote significant attention to an overall assessment of the institution's risk-management processes.  They will review an institution's lower-risk activities primarily through discussions with management and by monitoring the activities through various off-site analytical programs.

  6. Why a Formal Risk Management System? • Regulators are placing a greater emphasis on a formal, comprehensive operations risk management program • The ability to manage and the ability to demonstrate easily how to manage ongoing operational risk is more important than annual risk assessment results • Regulations require program to be comprehensive, continuous, integrated, collaborative, involved, timely, historical, testable, and repeatable • Proof of a formal system assures those who are ultimately responsible, the Board and Senior Management, that a safe and sound system is operational in the bank • Proof of a formal system reduces a bank’s legal and compliance liability if a threat is successful

  7. Why the Matador System? • It provides pre-scripted analysis of typical bank Information Assets that can be easily customized by department managers • Easy to use • Saves time • Cost effective • It is the only tool on the market that enables banks to implement a formal risk management program that is integrated into a bank’s operations • It is the only tool that addresses all Information Security areas: • IT, facilities, records, information systems, and third party service providers • It is has been discussed with banking regulatory agencies

  8. Matador Meets the Regulatory Requirements of a Formal System • The Matador system is: • Comprehensive – covers the full spectrum of information security issues • Continuous – respond to new threats quickly • Integrated – part of the decision making process • Collaborative – involves all departments • Involved – requires critical thinking • Timely – responds effectively to events • Historical – shows trends, enables drilling • Testable – works in real world situations • Repeatable – procedure that can be followed by all • Matador system provides assurance • Provides confidence and knowledge that the bank is implementing best practices to protect bank and customer data and information systems

  9. Features of the Matador System • A web-based, relational database driven software system • Leads the bank through the risk management process • Step 1. Information Security Risk Management Program definition • Step 2. Information Asset / Entity definition • Step 3. Personnel Assignments • Step 4. Risk Assessment • Step 5. Risk Mitigation Planning • Step 6. Reporting • Is available with additional modules for • Third Party Risk Management • Business Continuity

  10. Customer Comments: Enterprise Bank & Trust “Encierro’s Matador system for Information Security Risk Management has enabled us to implement a well-thought out approach in a formal way with a flexible software system that can grow and change as our bank grows. Providing us an end-to-end solution, covering the information security concerns from the development of an Information Security program, to the risk management of software, hardware, physical records, service providers, facilities and information systems, the Matador system enables us to get the departmental managers across the company involved in managing risk, while enabling us to meet the regulatory compliance needs of the bank. Having a system that is a true management tool, above and beyond a way to be compliant, is important for the bank to operate in a safe and sound manner.” Steve Irish, CIO and Executive VP for Enterprise Bank. EBTC is a community bank headquartered in Lowell, MA with approximately $800M in assets.

  11. Contact Us For more information view: • Our corporate website at: • www.encierro.biz • Matador information at: • http://www.encierro.biz/infosecurity/matadorannounce.doc • http://www.encierro.biz/infosecurity/matadordescription.doc • Information Security related documents at: • http://www.encierro.biz/infosecurity/formalapproach.doc • Or email us at: • encierrosolutions@yahoo.com

More Related