Security - the Foundation of Open Banking

Security is one of our core strengths.

Trust and confidence are essential to the success of any Open Banking or Finance initiative.  Without that, participants and users simply will not join.

Ensuring security, and assuring potential participants of security, is therefore fundamental to success.

But security is a complex area, and it is difficult to know where to start.

Open Banking Delivery can help.  Whether Fintech, Bank or ecosystem coordinator, we have World-class expertise available to support you  every step of the way.

In these times of heightened security concerns, we are delighted to be able to draw on deep security expertise.  We offer;

  • Fixed-price security ‘health checks’, ideal for smaller organisations e.g. Fintechs.
  • Training and Security Testing/Assurance using the World-class security incident simulator, SIMOC.  This is highly effective and appropriate for larger organisations e.g. Banks, Utilities
  • One to one consultancy.

We are an International team.  Our partner in Brasil is Carlos Rust, Open Banking Brasil CISO.  He is supported by our UK-based experts Simon Webster and John Wrightson – among the most experienced security personnel available!

Security 'Health Checks'

We offer fixed-price Professional led Security Health Reviews that cover the essential areas for any business to consider and we present a comprehensive post assessment report highlighting:

  • The Technical areas covered
  • Identified Issues and Risks
  • Suggested actions to mitigated the Risks

The table below shows the scope of a typical report.

Our Health Check is designed to give you a good general overview of all security aspects.  After it, you can expect to

  • Know your own risk profile
  • Identified and mitigated key risks
  • Have a clear roadmap for future actions

The Health Check concludes with a trial ‘before and after’ incident scenario using our unique SIMOC tool!

Security Training and Assurance with our Cyber Range Platform - SIMOC

The best way to learn is to try something for real.  The best way to ensure a plan works properly is for it to be used.

This is where our Cyber Range Platform SIMOC (SIMulated Operations Centre) comes in.  This tool, developed initially for Brasilian military and utilities, has been licenced to Open Banking Delivery for use outside Brazil.

It is a ‘hyper realistic simulator’ in which security incident scenarios are executed and mitigated in real time using a representation of an organisation’s actual infrastructure.

This is an excellent way of determining whether existing procedures are successful.  It is also a very engaging means of training, especially when teams are pitted against each other!

SIMOC contains 60 inbuilt scenarios that can be executed on representations of your actual infrastructure – it’s very realistic!  Scenarios include phishing, malware, DDOS, brute force port scanning, SQL injection.

It is an ideal platform for the following types of training and validation;

  • Attack and defense techniques to improve professionals
  • Security incident response process (Red Team, SOC, Blue Team)
  • User Awareness (Social Engineering)
  • Simulation for executives / employees
  • Practical training in web app penetration testing
  • Improving attack techniques
  • Forensic analysis
  • CTF- Capture the Flag exercises

Security Consultancy

If you have a specific need, then our consultancy services can help.

Our World-class experts shall take you along every step of the way to ensure your organisation and services are secure.  Whether large or small, Fintech or Bank, we understand your World!

Of course the advantage of specific consultancy services is simply that we can meet whatever requirements you have.  However, some examples of our recent work may help.

  • How to create a new cyber security function.
  • Planning and preparing for compliance to National standards – e.g. SOC 2, Brasilian Central Bank or OB Brasil.
  • Testing resilience and response to threats.

About SIMOC

SIMOC (SIMulated Operations Centre) is a ‘Hyper-Realistic Cyber Simulator’.  Originally developed by our partner Carlos Rust for use by the Brazilian Military’s Cyber Defense Command Centre, the organisation is certified by the Brazilian MOD as ‘EED’ – a Strategic Defense Company.

SIMOC allows the creation of an accurate replica of an organisation’s infrastructure.  In conjunction with the equally realistic incident scenarios, it enables an in-depth analysis of  vulnerabilities in order to understand how it will react  to a real attack.

SIMOC is an example of a ‘Cyber Range Platform‘.  It provides a cross-functional virtual environment where organizations can prove critical capabilities and demonstrate how effectively they integrate people, processes and technology to protect their information, services and strategic assets.

Using this, an organisation can (for example)

  • Test it’s ability to respond to security incidents and validate its plans
  • Test Cyber Resilience.
  • Assess the cyber capacity and capabilities of a SOC team.
  • Assess the competence of the Red Team.
  • Comply with regulatory and best-practice requirements.
  • Test the cyber proficiency of other Teams, e.g. Blue Team, DevOps, Comms, Legal.
  • Test your team’s current skill set, identifying areas for improvement.
  • Evaluating your team’s readiness and response reflexes against cyber-attacks.
  • Testing the coordination, communications and information sharing of all stakeholders, internal and external teams
  • CTF – Team building!

Over 70% of vulnerabilities are related to People and Process.  SIMOC helps flush that out.

Used to great effect since 2013 by a wide range of clients in Brazil, this service is now available to you.  Just some of those clients are listed here.