This Small Business Innovation Research (SBIR) Phase I project will develop a tool to help small and medium-sized financial institutions (SMFIs) understand their information risk and what they should do about it. This project will test the feasibility of pre-defining information security threats and countermeasures for each asset in a SMFI. The Phase I goal is to accomplish this and to address the technical challenges, which include: 1) experimenting with the feasibility of using two national standards to pre-define cyber risks, 2) developing a pilot software product that leverages these national standards, and 3) determining the commercial viability of this software product.

The proposal's broad impact is a pervasive positive effect on information protection in financial services. The security posture of SMFIs is concerning; however, with an intelligent tool that answers many of the risk management questions, all types of SMFIs can get an accurate read on where their risks are and what they need to do about them. If successful, this tool could address a significant underserved market in the financial services industry.

Project Report

Identity theft is a national problem, and identity theft victims are hassled for years because of the negative credit implications of the fraudulent activity. Through the Small Business Innovation Research (SBIR) Phase I project, Secure Banking Solutions addressed the protection of customer information present on the computer systems of small and medium-sized financial institutions (SMFIs). The United States is dependent on its cyber infrastructure for facilitating billions of transactions for the financial services sector every day. Large financial institutions have dedicated IT departments to protect themselves against cyber-attacks. SMFIs are also under heavy cyber-attack but lack the requisite skills and resources that large financial institutions have to combat these threats. This Phase I project represented the first time an intelligent, facilitated I.T. risk management system has been researched and developed. The project proved that 1) predefinition of a SMFI’s risk is possible through Secure Banking Solutions’ innovative model and 2) national standards can be deployed as the basis for this predefinition. Phase I identified that SMFI executives and users generally lack a fundamental understanding of information security threats and countermeasures. Competing tools in the marketplace provide the ability for users to manually enter threats; however, that requires an extensive understanding of IT security threats. Phase I also answered many of the risk management questions SMFIs have so they can accurately discern where their risks are and what they need to do about those risks. Phase I proved that an intelligent system using pre-loaded data can act as a SMFI’s information security management consultant and facilitate effective business decisions. The product under development houses national standards developed by the National Institute of Standards and Technology (NIST) and translates them into enterprise-based risks that SMFI executives can understand.
By understanding the risks their SMFI incurs, decision-makers can better defend customer information from cyber thieves. This unique and ingenious approach advances the science of information risk management and serves as a model to replicate for use in other critical infrastructures beyond the financial sector. Phase II funding would have led directly to a suite of products for SMFIs. Secure Banking Solutions is moving forward with the development and commercialization of this product, known as TRAC, which will have a broad impact on the improved security posture of the financial services industry. For more information, go to www.tracadvantage.com and www.protectmybank.com. Parties interested in learning more about this product and its availability should contact the principal investigator, Erik Osterkamp, CISSP, CISA (erik.osterkamp@protectmybank.com).

Project Start:
Project End:
Budget Start: 2010-01-01
Budget End: 2010-12-31
Support Year:
Fiscal Year: 2009
Total Cost: $200,000
Indirect Cost:
Name: Secure Banking Solutions
Department:
Type:
DUNS #:
City: Madison
State: SD
Country: United States
Zip Code: 57042