“Knox has delivered sound education to the finanical community around their responsibilities ” – Investment Group
"Their process has identified departments that handle financial data for which we were unaware" _Customer's Compliance Officer
The financial sector is regulated by different regultory bodies depending on the data that is housed. Investment firms, hedge funds, private equity and investment advisors are regulated by the SEC. While most of these managers have been operating their businesses casually, the SEC and instritutional investors are opening their eyes as to how security can increase a firm's AUM.
Other financial challenges that plague firms is the PCI DSS mandate, FFIEC and GLBA requirements for banks and/or enities that handle credit cards. While most companies fall under the PCI regulatory due to their handling, processing or storing of credit cards, small to large banks face the same challenges in keeping up with compliance.
Upon entering the facilites, Knox had developed a strateic roadmap for the client based on the data they housed and injecting a security roadmap. Knox aligned the client with the PCI DSS, ISO and NIST frameworks as a guideline to security and compliance. In meeting with the business units assessing both technical and non-technical processes, we were able to gain a solid undestanding of the inner workings of the business and began to outline all risks throughout the business. By gaining a solid understanding of overall risks, Knox was able to quantify those risks and begin to strategize technical and non technical solutions based on cost. The segmentation of the data was paramount as finanical data should not be comingled with healthcare data and employee data. By strategizing segmenting solutions this reduced the risk to each data set, improved operability and security (segmenting data correctly is the key...)
Lastly, the most crucial step is meeting with the Board, setting up a governance team and getting approval. This process allowed members of the team to work together to improve their efficiency and tackle security holistically and not as a one off or departmental based.
While there is never a conclusion for information security and security must evolve throughout the lifetime of the business, we can say that the client has seen more business through a sound security protocol. These days, larger firms want to vet information security as part of the sales process and if the security is not up to standards, you will loose the opportunity to do business with medium to larger firms.
Once the client realizes the power of security and all the ways it can help the business, the clients actually become the biggest advocate and internal regulator to ensure all employees are following set standards.