Cybersecurity assessment of financial sector organizations

As part of the initial research thrusts of CyLab-Africa’s focus on improving financial inclusion, free surveys and vulnerability assessments are being conducted for partner institutions.
To learn more about enrolling your organization in this free assessment, please reach out to CyLab-Africa@cmu.edu.
The outcome of your organization's assessment will be completely confidential, and will not be published, shared with any third parties, or otherwise disseminated.
Participation entails a survey, a vulnerability assessment, and continuous monitoring, as described below.
CyLab-Africa is conducting an assessment of existing cybersecurity programs at participating small- to medium-sized financial institutions and fintech enterprises. The assessment is a standardized, open-source survey for evaluating the state of your organization’s cyber-readiness. The assessment is presented as an online questionnaire, and will assess the respondent’s existing investments and capabilities in the following cybersecurity areas:
The assessment areas are aligned with existing cybersecurity industry frameworks such as NIST 800-53 and ISO/IEC 27001. Each assessment area is scored on a linear scale based on the organization’s responses and the assessor’s industry experience in conducting similar objective reviews. We will also collect information regarding demographics (e.g., gender), both of enterprise employees at large, and of cybersecurity professionals.
The CyLab-Africa team will conduct controlled testing of the organization's computing infrastructure. Testing simulates the tools and techniques that an attacker would use to gather unauthorized knowledge of the organization's network, systems, and applications in order to identify security weaknesses they can exploit. Working with the organization's designated liaison, the CyLab-Africa team will identify the most appropriate systems to include in the assessment, while also minimizing impact on business operations. The selected networks and systems should constitute a representative sample of the key components of your computing infrastructure.
Key phases of the vulnerability assessment exercise include:
The CyLab-Africa team will collect and analyze various network telemetry and system logs for indicators of compromise of the organization's computing infrastructure. Working with the organization's designated liaison, the CyLab-Africa team will identify the appropriate scope and duration of the monitoring.
Key phases of the continuous monitoring exercise include:
Organizations participating in these activities benefit by gaining a better understanding of their current cybersecurity gaps, while receiving expert guidance on how to improve their overall cybersecurity maturity.