FIS integrates security into every project to ensure that the systems we implement are secure and monitored if required. FIS utilizes the National Institute of Standards and Technology (NIST) cybersecurity framework which includes the following activities:
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Our approach to Cybersecurity does not only focus on vulnerability assessment and monitoring alone. We include security as part of our development process. We accomplish this, by training our developers on the latest Cybersecurity threats, best practices for software security, and keeping with the latest in cyber security threats. We also ensure that whenever a vulnerability is identified that the information regarding that vulnerability and remediation actions are shared with all engineers.
In addition, FIS has been developing a number of SaaS products that are being utilized by large Fortune 500 companies some of which are large financial institutions and have very stringent security requirements. To comply with such stringent requirements, we have put steps and checks into our development and implementation process to ensure that our systems are secure and locked down at all levels of the solution including:
- Network and Infrastructure security
- Intrusion protection and prevention
- Application security including
- Code Scanning to ensure that there is no malicious code in the software
- Vulnerability Scans using the Open Web Application Security Project (OWASP) Top 10 scan
- Penetration Testing
- SSL Scan to ensure that all outdated cyphers have been disabled on the server to prevent any security holes.
- Information security
- Disaster recovery & Business continuity planning