Prevention
- Security Assessment
- Red Teaming
- Compliance Audit
- Pre-IR Assessment
- Compromise Assessment
- Cyber Education
- GIB Crypto
SWIFT Compliance Audit
8+ bln
financial messages in 2020
200+
territories connected
11,000
banking institutions connected
The banking industry is a lucrative, and therefore frequent target of cyberattacks. To respond to current and future threats, the Society for Worldwide Interbank FInancial Telecommunications (SWIFT) introduced their Customer Security Programme (CSP) in 2016.
The program outlines the Customer Security Controls Framework (CSCF), which comprises a set of mandatory and advisory security controls that apply to all member banks and financial institutions.
As a member of SWIFT, Group-IB is recommended to perform external attestations of any other member and offers comprehensive compliance audit.
The guidelines are regularly updated to reflect technological advances, new cybersecurity practices, and changes to the threat landscape. The current CSCF consists of 3 main objectives, 8 main principles, 31 security controls.
Objective
Principle
Secure your environment
- Restrict internet access
- Protect critical systems from the general IT environment
- Reduce attack surface and vulnerabilities
- Physically secure the environment
Know and limit access
- Prevent compromise of credentials
- Manage identities and segregate privileges
Detect and respond
- Detect anomalous activity to system or transaction records
- Plan for incident response and information sharing
Compliance requirements
All SWIFT members must conduct a security attestation every year:
External evaluation
Conducted by an independent organization. The auditors themselves must be certified within the IS industry
Internal evaluation
Conducted at the expense of the organization’s independent qualified internal assessor
Audit process by Group-IB
1Preliminary data analysis
- Analysis of internal documents
- Clarification of the audit parameters
- Creation of audit plan
2Perfomance of audit
- Interview
- Collection of audit findings
- Review of business processes
3Preparation of report
- Creation of report on SWIFT compliance
- Development of recommendations to eliminate gaps
4Drafting of internal documentation
Review and update of company’s internal documents based on audit results
What you get
Assessment and understanding
of your current state
Recommendations
for improving the effectiveness of protective measures and for SWIFT CSCF compliance
Consulting
on how to enhance organization and administrative documentation, and reporting guidelines
Why choose Group-IB’s Compliance Audit and Consulting
First-rate team of certified experts
Team of qualified experts who have 10+ years of experience auditing various infrastructures (GDPR DPP, CISSP, CISA, PCI QSA, ISO and others)
Technological and human intelligence
The strong synergy between Group-IB’s experts and proprietary Threat Intelligence & Attribution ensure up-to-date knowledge of attacker TTPs
Comprehensive approach
We not only check for compliance but also draft internal documentation and recommendations, and provide risk assessments and consulting
No nonsense reporting
We provide thorough, easy-to-read reports that clearly outline gaps in compliance as well as corresponding remediation measures