Banks, credit unions, investment management and wealth management firms operate in a heavily regulated space. Top priorities are protecting personal client information and client portals, and preventing fraud. Illumant knows the regulations, regulators and guidance (GLB, FDIC, NCUA, OCC, FTC, SEC, FFIEC, OCIE) and our services address their requirements, as well as security best practices for the financial services industries.

The following are services that are relevant to and popular with financial institutions and related organizations:



Popular Financial Compliance and Assessment Services

    Policies Procedures and Practices Assessment (PPPA) ‐ Ensures that documented IT policies and procedures, and associated practices, are aligned with best practices and applicable regulatory requirements. The PPPA is a gap analysis and the first place to start towards compliance with best practices, regulatory requirements, and standards, such as HIPAA, SOC, PCI, CIPv5, NIST, ISO, DFARS, GLBA, SOX, etc.

    Risk Assessment (RA) ‐ Combination of qualitative and quantitative analysis to determine the top threats to information security, biggest vulnerabilities, and largest opportunities for risk reduction through cost-benefit analysis.

    Perimeter Security Assessment & Penetration Testing (PSA) ‐ Provides assurance that Internet-facing networks and systems are protected from hackers/malware (aka the hacker's perspective).

    Critical Asset Security Assessment (CASA) ‐ Internal vulnerability analysis and penetration testing of mission-critical assets including applications, servers, routers, and switches for validation of layered security and defense in depth.

    LAN Security Assessment (LANSA) ‐ Provides assurance that LANs are well secured, including end-user systems such as desktops and laptops, as well as LAN servers and other LAN devices.

    Social Engineering (SocEng) ‐ Targets the human element to test users' awareness of potential security threats and exposure to social engineering, by performing simulated phishing, planted media, pretext calling, and social networking attacks.

    Advanced Black Box Penetration Testing (BBPen) ‐ A premier service that simulates real-world cyber-attacks against your organization. The BBPen is a capture-the-flag exercise using technical and social pen testing techniques to test how well protected you are against breaches.