Colt: Security Risk Assessment
Digital review and remediation programme
As specialists in financial services and private equity, we have supported many clients in making great decisions, whether by helping an organisation realise its potential or by commercialising the value of the technology function and assessing “technical debt”.
We’ve helped clients with cyber assurance, risk management, digital transformation, artificial intelligence, customer demand and much more.
This was a great project with a fantastic LR team to support it! We can definitely be proud of the work, and the reputational support it provides us with our key stakeholders.
CIO
We were asked to help Generali understand the key risk areas and current best practice for their core systems.
Generali is a major player in the global insurance industry. With almost 71,000 employees, more than 400 companies and operating in almost 60 countries, it is the largest insurance company in Italy, and third largest in the world.
Generali operates in a highly regulated environment and is therefore required to undergo frequent audits at an enterprise level. However, these audits tended to look at general controls or topics, and consequently, Generali identified the lack of review of the end-to-end processes for six core business systems.
They recognised the importance of engaging a specialist independent organisation to conduct this review in order to provide the validation of risk level required. They needed to ensure full transparency for their customers and satisfy regulatory bodies.
We were asked to consider how we could help Generali understand the key risk areas and current best practice for their core systems.
Given the sensitive nature of the data being managed within Generali’s core systems, Leading Resolutions recommended an approach based on the NIST Cyber Security Framework (CSF). This had the benefit of being able to provide Generali with consistent output across all systems with regard to:
In addition to this, we reviewed each system’s compliance with GDPR to ensure there were no areas of concern.
To make the most efficient use of our time, we undertook a three-step approach to completing a high-level review based around the NIST Cyber Security Framework.
We reviewed all documentation pertaining to the six core systems.
We organised a site visit to look at the six systems and conduct a high-level assessment. In parallel, we conducted a high-level assessment of the contractual positions for those six systems.
Step three was a more detailed level of assessment. We conducted a cradle-to-grave review for the Eclipse system.
We documented the assessment findings to produce an interim report, which provided a high-level overview of the risks we identified and led to the approval of a number of cybersecurity and governance initiatives. It also informed Generali of any systems that required a more detailed assessment and analysis.
The specialist expertise and skills presented by the Leading Resolutions team enabled us to cut through what was a highly complex and challenging piece of work. With high expectations and visibility from our board, they delivered speed and accuracy that we would never have been able to achieve ourselves.
Mark Laine