Assurance • Compliance Assessment

Developing or Refining Frameworks, Architecture, Policies and Guidelines for Cryptography

As computing power increases, the cryptography algorithm and controls must also be coherent with the evolution of computing power. Robust key management processes should be in place to preserve trust in the last line of defence. “ Confidentiality, Integrity and Availability are different things and require different methods in cryptography.

FIRMUS offers assessment services including gap analysis and compliance status with respect to different compliance guidelines and accepted best practices from different countries.

BNM RMiT

  • 10.16 – Policy & Procedures
  • 10.17 – Roles & Responsibilities
  • 10.18 – Third Party Dependencies
  • 10.19 – Control
  • 10.20 – Certification Authority
  • 10.51 & Appendix 10: Cloud Key Management
  • Appendix 9 – Supervision

SC Guidelines on TRM

  • 7.19 – Controls
  • 7.20 – Policies and Procedures
  • 8.09 & 8.11 – Cloud Key Management

MAS TRM Guidelines

  • 6.1 – Crypto in Secure Coding
  • 10.1 – Algorithm and Protocol
  • 10.2 – Key Management

Our Methodology

PEOPLE

Understanding and skill set of the application / infrastructure owners / custodian on cryptography

PROCESS

Adequacy of Policies & Procedures Currently In Use

Cryptography Controls

TECHNOLOGY

Key Lifecycle Processes and Management

Key Types and Encryption Standards
Automation Procedures (where applicable)

STAGE 1 - SCOPE AND PLAN

Confirm Scope

Plan Project Schedule

STAGE 2 - ASSESS

Document and Record Assessment

STAGE 3 - REPORT

ESP Assessment Report

ESP Declaration

Cryptography Consultancy

Based on international standards such as NIST, AICPA, IETF, ISO etc, Our services in cryptography consultancy assists organisations to build the framework, policies, guidelines and architecture for cryptography best practices.

Solution Offerings

Cryptography Keys are best managed with proper tools and solutions. We offer Key Management Solutions which include:

  • Cipher Trust Manager
  • Data Security Manager
  • Cipher Trust Cloud Key Manager
  • Enterprise Key Management

For organisations which have various uses of cryptography e.g. ikeys in machine identity and are dealing with external and internal cryptography trust services providers, our suite of solutions will automate the process of certificate lifecycle management thus greatly easing the burden on human resources due manual processes in addition to a reduction in risk of human error.

Explore Our Compliance Assessment Services

Let us help you make informed decisions and set your business up for success through our range of compliance assessment services.

External Service Provider (ESP) Cyber Security Risk Assessment

Security Compliance Assessment (BNM/MAS/MCMC)

SWIFT Security Assessments

SC Cyber Risk Guidelines Assessment

Talk To Us

Penetration testing, cyber security strategy, proof-of-value, or just some information? Our domain experts provide bespoke cyber security offerings to solve your digital transformation challenges.

Assurance • Compliance Assessment

Developing or Refining Frameworks, Architecture, Policies and Guidelines for Cryptography

FIRMUS offers assessment services including gap analysis and compliance status with respect to Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT) and accepted best practices.

Our Methodology

PEOPLE

Understanding and skill set of the application / infrastructure owners / custodian on cryptography

PROCESS

Adequacy of Policies & Procedures Currently In Use

Cryptography Controls

TECHNOLOGY

Key Lifecycle Processes and Management

Key Types and Encryption Standards
Automation Procedures (where applicable)

STAGE 1 - SCOPE AND PLAN

Confirm Scope

Plan Project Schedule

STAGE 2 - ASSESS

IT Security Assessment for SWIFT Systems

Physical Security Assessment of the SWIFT Setup
Assessment of SWIFT Operations Security Governance and Processes

STAGE 3 - REPORT

SWIFT Security Assessment Report

Cryptography Consultancy

Based on international standards such as NIST, AICPA, IETF, ISO etc, Our services in cryptography consultancy assists organisations to build the framework, policies, guidelines and architecture for cryptography best practices.

Solution Offerings

Cryptography Keys are best managed with proper tools and solutions. We offer Key Management Solutions which include:

  • Cipher Trust Manager
  • Data Security Manager
  • Cipher Trust Cloud Key Manager
  • Enterprise Key Management

For organisations which have various uses of cryptography e.g. ikeys in machine identity and are dealing with external and internal cryptography trust services providers, our suite of solutions will automate the process of certificate lifecycle management thus greatly easing the burden on human resources due manual processes in addition to a reduction in risk of human error.

Explore Our Compliance Assessment Services

Let us help you make informed decisions and set your business up for success through our range of compliance assessment services.

External Service Provider (ESP) Cyber Security Risk Assessment

Security Compliance Assessment (BNM/MAS/MCMC)

SWIFT Security Assessments

SC Cyber Risk Guidelines Assessment

Talk To Us

Penetration testing, cyber security strategy, proof-of-value, or just some information? Our domain experts provide bespoke cyber security offerings to solve your digital transformation challenges.