JUDO BANK

Judo Capital are an SME lender with aspirations to become a business bank in the near future. The initial release of their architecture is required to “put the lights on” for the start of business operations. Their core applications are cloud hosted and many business activities are conducted using virtual desktop infrastructure. A security assessment of the proposed architecture and operations was requested.

THE CHALLENGE


  • Pragmatically focusing on risk mitigation for key threats to Judo Capital for the initial release, without getting distracted by a myriad of best practice recommendations that would be more suitable for the next release of their architecture.

  • Capturing key best practice recommendations for the Release 2 roadmap, such as a suggested structure for the security function.

  • Assisting in swiftly setting contractual requirements for security with a key service provider in a two-day turnaround.



THE SOLUTION


Security Controls Assessment featuring:


  • Executive Summary

  • Asset appreciation

  • Threat Assessment

  • Risks

  • Security Control Recommendations

  • Release 2 roadmap recommendations


Development of security contract clause template with detailed requirements in areas such as:


  • Annual penetration test borne by supplier

  • Incident response process with post-incident review report and notification to Judo Capital of suspected security incidents and confirmed security breaches

  • ISO27001/27002 aligned information security management system

  • SSAE16 Third party audit report

  • Ongoing security governance forums and operational security governance reporting


Active Directory advisory including recommendations to implement segregation of duties and a draft naming standard for Active Directory user, privileged and service accounts as well as Active Directory groups.

KEY RESULT

600+

FOCUSED RISK MITIGATION


Prioritised addressing high-impact security risks for the initial architecture, avoiding less critical best practices to meet immediate launch requirements effectively.



2 DAY TURNAROUND


Delivered a rapid, two-day assessment and contractual security requirements for a primary service provider, ensuring timely and compliant operational readiness.


RELEASE 2 ROADMAPS


Documented essential improvements and best practices, such as a structured security function and enhanced security governance measures, to guide future system iterations.


STRUCTURED SECURITY OVERSIGHT


Implemented ISO27001/27002-aligned security protocols, ensuring ongoing monitoring with an annual penetration test, SSAE16 audits, and regular incident response reporting.
