SITUATION
A high-profile communications technology company received a Mandated Information Security Program order from the United States Federal Trade Commission (FTC). The FTC order mandated that a comprehensive information security program be established, implemented, and maintained, with the purpose of protecting the security, confidentiality, and integrity of personal and identifiable information. Determining the effectiveness of this program required, through the FTC order, that a qualified, independent third-party perform initial and biennial assessments. In response, FTI Cybersecurity was retained to conduct a series of assessments for the company.
OUR ROLE
Our experts performed regular security assessments, analyzing the establishment, implementation, and maintenance of the company’s information security program. These assessments were conducted in accordance with widely recognized information security and cybersecurity industry frameworks and best practices, including the National Institute of Standards and Technology Cybersecurity Framework Version 1.1. Our experts examined evidence supporting the effectiveness of the information security program and conducted interviews with company personnel to develop a holistic understanding of the company’s processes. FTI Cybersecurity also helped ensure that future security and cyber risk assessments met the FTC’s regulatory and reporting requirements.
OUR IMPACT
FTI Cybersecurity found that the company worked to embed security and trust into their organization. Our experts determined that their information security program had been properly implemented and maintained as a result of the FTC order and was comprehensively designed to protect personal and identifiable information. Further, through risk-based, short-term solutions and broader enterprise transformation, the company’s information security program continues to mature. FTI Cybersecurity provided our comprehensive assessment to counsel and shared our opinion as to whether the company compiled with the mandated FTC order. As the result of this engagement, FTI Cybersecurity was since hired to determine if the company’s information security program meets cybersecurity requirements as defined in Colombian SIC Resolution #83381 of 2021.