Risk Assessments

H.M. Payson & Company


H.M. Payson sought a broad-based assessment of their overall security position. From policies to plans and even physical security, they wanted an independent assessment of their current security infrastructure, along with identification of any areas for improvement.

Value Delivered

NCG leveraged its proprietary security risk assessment model to assess H.M. Payson’s internal and external systems, in addition to third-party outsourced systems. NCG’s security model has components specifically geared towards financial institutions, covering internal systems as well as outsourced partners. It takes specific note of regulatory provisions including SOX, HIPAA, and PCI compliance as part of the assessment. NCG assessed H.M. Payson’s internal, external, and third-party outsourced infrastructure, security policies, configurations, and architecture, and performed scans across each platform. Detailed reviews of configuration management, IT policies and procedures, HR policies, physical security policies, and entry point configurations were conducted as well. NCG audited and assessed seventeen essential areas based on BS ISO/IEC 17799, PCI, FISMA, and ITIL:

  • Security policy and process
  • Security organization and personnel
  • Asset management and classification
  • Human resources security
  • Physical and environmental security
  • Network Security and Operations Management
  • Security access controls
  • Information Systems Third Party Integration, Development, and Maintenance
  • IT Security Policy
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance
  • Configuration Management
  • Hardening Guides
  • Patch Management
  • Software Development Methodology
  • System Development Life Cycle Methodology


NCG provided H.M. Payson with a broad yet detailed view of security across their organization, including connection points with external partners. Areas of improvement were identified and specific action steps were provided.
