RISK

Great starting point for all cybersecurity programs, regardless of maturation level.

• TuikIron External – “It’s Not IF - but WHEN” – Monthly scan of your internet-facing network. Discover what’s open to the internet as well as vulnerabilities available to potential threat actors.
• Project Mariana – “Stay Off The Dark Web’s Radar” – Deep Web and Dark Web reconnaissance and reporting. Discover what threat actors are sharing about your credit union.
• TuikIron DAST – “Testing Now Beats a Nightmare Later” – Monthly Dynamic Application Security Tool (DAST) scan of your credit union’s website. Discover your website’s security from both an unauthorized and authorized user standpoint.
• TuikGuard – “Good Security Finds Troubles Early” – Daily optimized proactive checks for malicious behavior. Discover if your website has had any unauthorized or malicious changes as well as if any unauthorized changes have occurred to your internet-facing network.
• BakerStreet – “Test. Fix. Protect. Repeat” – Web-based centralized location for all findings and trends in an easily digestible format.
• Program Documentation – “Auditors Love Us - Hackers Hate Us” – A program dashboard emailed directly to your inbox monthly of all services rendered and the ability to request a program certification letter to share with third parties and auditors as needed.

Recommended services for cybersecurity programs looking for additional augmentation and growth beyond their current maturation level.

• External Network Penetration Test – “Think You’re Secure? Let Us Prove It” – An evolution of the TuikIron External service. Involving a deeper scan of your internet-facing network, the information gathered will then be used during a “Time-Boxed” penetration test where a skillful attacker with “Hands-On-Keyboard” will actively attempt to exploit deficiencies in the infrastructure, to escalate privileges, bypass authentication controls, or identify instances where private client data may be exposed. This is not your grandmother’s automated penetration test.
• Phishing Assessment – “Trust What You Know. Test What You Don’t” – Assess the effectiveness of your cybersecurity awareness training. Get a better understanding of your employees’ abilities to recognize and take appropriate action on malicious emails. Use the findings to help mature and enhance your cybersecurity awareness training.
• Application Penetration Test – “Hack Yourself Before Someone Else Does” – An evolution of the TuikDAST service. Involving a deeper scan of your application, the information gathered will then be used during a “Time-Boxed” integral penetration test where a skillful attacker with “Hands-On-Keyboard” will actively attempt to exploit deficiencies in the infrastructure, to escalate privileges, bypass authentication controls, or identify instances where private client data may be exposed. This is not your grandmother’s automated penetration test.

Ad-Hoc services to help you further shore up your cybersecurity program.

• TuikIron Internal – “If you connect it - protect it” – Monthly internal network vulnerability scan. Proactively identify and assess security weaknesses that threat actors could exploit if they gain a foothold within your network.
• Internal Network Penetration Test – “Detect. Protect. Defend. Win” – An evolution of the TuikIron Internal service. Involving a deeper scan of your internal network, the information gathered will then be used during a “Time-Boxed” penetration test where a skillful attacker with “Hands-On-Keyboard” will actively attempt to exploit deficiencies in the infrastructure, to escalate privileges, bypass authentication controls, or identify instances where private client data may be exposed. This is not your grandmother’s automated penetration test.
• Incident Response/Business Continuity Training Exercise – “Breaches Are Expensive - Prevention Isn’t” – Ad-hoc workshop/interview style session simulating a cyberattack or IT disaster. Evaluate how well your credit union can respond and recover. Use the findings to help improve your reaction speed and minimize downtime.
• Employee Cybersecurity Training Session – “Hope Isn’t a Security Strategy”– Employee education on recognizing and avoiding cyber threats like phishing, weak passwords, and malware. Learn the security best practices to prevent security breaches and data loss.
• Wireless Security Assessment – “Hackers Love It When You Wing It” – “Hands-On-Keyboard” manual deep-dive assessment of your credit union’s Wi-Fi network. Discover any vulnerabilities and ensure your wireless security adheres to best practices, ensuring hackers cannot exploit weak signals, outdated encryption, or unauthorized access points.
• Third-Party Vendor Risk Assessment – “Hackers Care About Easy, Not Size” – Diligent review of the security practices of external/third-party vendors and services. Ensure third-party vendors do not introduce cyber risks that could impact your credit union’s data and operations.
• Firewall Rules Review – “Stay Smart. Stay Secure” – Analyze firewall rules and settings. Receive recommended optimizations to ensure your firewall blocks cyber threats effectively while allowing necessary business traffic to flow smoothly.

Interest Rate & Market Risk

• Assess how interest rates and market changes impact profitability, assets, liabilities, etc.

Liquidity & Funding

• Meet financial obligations and effectively manage cash flows as you predict and plan for liquidity changes.

Profitability & Performance

• Evaluate earnings, asset returns, and liabilities with Net Interest Income (NII) analysis.

Stress Testing & Scenario

• Simulate a series of market events as well as their potential impacts on your balance sheet.

Parallel Validation

• Run a side-by-side comparison between your existing model and our own, analyzing different outputs.

Model Validation

• Evaluate your process and prioritize compliance with the latest requirements and policies.

Backtesting

• Confirm reliability by comparing your model’s past assumptions with actual market outcomes.

“What If” Modeling

• Simulate market conditions and outcomes through a dynamic model for planning and management.

Policy Development & Review

• Assist with the development of new ALM/liquidity policies and help modernize existing policies.

ALM Training

• Receive personalized training on a range of ALM-related topics (key metrics, analyses, etc.)