CASE STUDies

Vulnerability Assessment and Penetration Test Case
A multinational financial institute with head office in Hong Kong, providing professional financial services worldwide.

Size 300+ Employees
Services Vulnerability Assessment and Penetration Test
Challenge Systems carrying sensitive customer personal and trading data
Results Identified system, network and application security vulnerabilities and provided technical recommendations
Follow - up Mitigate existing security holes. Security methods and tools were suggested for further improvement

Challenge
In this case, our client is a multinational financial institute which provides a wide range of financial services to the community. Due to the confidential nature of customer personal information and trading data, our client has put lot of efforts into information and network security as to prevent information leakage and system hacking. As the systems used in financial trading settings have to be ultra-secured, our client requests our Vulnerability Assessment and Penetration Test service at least once a year and during the launch of new versions of its worldwide financial trading platform.
To review their security and risk level, our challenge is to provide an external attack via penetration test and vulnerability assessment services to define their security risks and provide technical recommendation for their further improvement.

Results
Our security specialists issued a penetration test report on a number of security findings with different level of severity. Critical vulnerabilities that put customer personal and trading information at risk of cyber attacks were identified. Technical recommendations and advisory were provided according to the existing industrial standard. Based on existing setup, our team has also given quantitative estimations on hacking durations. Other than that, latest security protection methods and tools were suggested for future improvement. Our client took our recommendations and upgraded their information security level and security controls.

The penetration test report including:
  • Prioritized list of vulnerabilities
  • Specific information about the vulnerabilities exploited
  • The risk level of the vulnerabilities
  • The description and evidence of the vulnerabilities
  • Potential impact
  • Technical Recommendations

  • Follow-Up
    After our assessment and in-depth analysis of the security testing, Ringus provided a detailed report documenting each security issue with a set of security recommendations (methods and tools) and corrective action plans. Our client implemented those plans accordingly and a further penetration test also verified that the remedial activities had been successful.

    Impacts
    Our recommendations have provided our client with an up-to-date defense against known vulnerabilities and global hackers, allowing our client to estimate and justify the cost of equipments whenever appropriate in scaling up its security level, providing a continual improvement model. With our comprehensive penetration report, professional recommendations and direct assistance, our client was able to get a realistic idea on the existing security level of their setup. Our work helped the client avert a potential reputational crisis and allowed the company to operate their systems in a confident and secure way.

     
    I.T. Audit and Assessment
    I.T. Consultation
    ISO 27001 Consultation
    Vulnerability Assessment and Penetration Test Vulnerability Assessment and Penetration Test Vulnerability Assessment and Penetration Test