MAS TRM COMPLIANCE SERVICES
What is MAS TRM?
MAS TRM is a comprehensive set of guidelines from the Monetary Authority of Singapore aimed at helping Financial Institutions (Fis) improve their cyber resilience and establish sound and robust technology management practices. MAS TRM is an acronym for ‘Monetary Authority of Singapore Technology Risk Management’.
Benefits Of MAS Compliance
The MAS TRM Compliance service helps an organisation:
- Determine maturity of the controls implemented and identify gaps/areas of improvements regarding the MAS TRM Guidelines.
- Determine the applicability of controls and assessing the policy/process as well as security controls to determine the overall maturity and effectiveness of the security posture of your organisation.
Meeting The Challenge
Implementing the MAS TRM cybersecurity guidelines and managing compliance to it, is a challenge faced by many organisations large and small. The requirement to implement controls, be cyber resilient and institute robust risk management and oversight can seem a daunting process and can be difficult to evaluate.
For those wanting to understand and improve their current security posture, the range of services provided by Nettitude can be used to baseline your maturity level and help you evolve your information security strategy in alignment with the MAS TRM Guidelines.
About The MAS TRM Compliance Service
- Nettitude can help our clients analyse their security posture against the MAS TRM Guidelines and identify gaps and areas of improvement. The MAS TRM Compliance review service provided by Nettitude will be delivered in a phased approach conducted by experienced consultants. Our consultants are well-versed with NIST, ISO 27001:2013, CIS and other industry frameworks many of which are the building blocks of the MAS TRM Guidelines.
- Our MAS TRM compliance consultants will conduct workshops with different stakeholders through different stages of the engagement. The workshops are designed for top-level management, decision-makers, risk owners, business lines and IT champions – people who have vested interests in compliance with the MAS TRM Guidelines and can additionally provide inputs on the scope of the services that your organisation engages in. Our consultants will also identify the systems, application, infrastructure, technologies that are used by your organisation to deliver services to your customer and therefore is in the scope of the MAS TRM Guidelines.
- If you are running a security or compliance regime, such as PCI DSS, ISO/IEC 27001:2013, NIST Cybersecurity Framework it will demonstrate how the work you are already doing brings you closer to achieving compliance with the MAS TRM Guidelines.
- Our consultants will perform an ISMS review which is aimed at evaluating the existing ISMS that your organisation has in place. Our consultants will review your policies, procedures, process documents to determine how well they align with the MAS TRM Guidelines to determine compliance, identify gaps and potential areas of improvement.
- Our consultants will use a combination of substantive and compliance methods to assess your security controls against the clauses provided in the MAS TRM Guidelines and determine how well your organisation is operating these controls. This review will look across your entire organisation to provide you with an indication of your security posture and risk levels which you are currently exposed to as against the MAS TRM Guidelines. It will also provide you with the ability to create SMART activities/objectives to address those risks.
- Nettitude firmly believe in operating good security as the foundation of our offerings so have broken down the MAS TRM Guidelines Compliance review into a number of distinct activities across the following phases:
Phase 1: Planning and Preparation
During this phase, our consultants will conduct kick-off meetings and workshops to determine the business context and services of the FIs.
Our consultants will also identify the systems and infrastructure used that are in-scope for the MAS TRM Guidelines and technologies used by the FIs
Phase 2: Fieldwork
During this phase, our consultants will review all existing policies, procedures, and processes and assess how effectively the FI has designed controls for technology risk management and cyber resilience.
Our consultants will also perform sample-based testing for the controls to determine the operating effectiveness of the controls designed and implemented.
Phase 3: Reporting and Recommendation
During this phase, our consultants will compile the results of the fieldwork performed and prepare reports to be delivered to your organisation.
The report will detail the gaps identified against the MAS TRM Guidelines, areas of improvement with detailed issue descriptions as well as recommendations on how the gaps can be remediated.
Our Other Services That Can Help Clients With MAS TRM Guidelines
Nettitude can help our clients to navigate through the various controls specified in the MAS TRM Guidelines through a range of our services that clients can avail based on specific scenarios. The table below provides some of our services mapped to the MAS TRM clause.
- Policies and process development
- Asset Inventory development
- Third Party Security Assessments
- Security Awareness Training
- Source Code Review and Application Security Testing
- Physical Security Assessments
- Nettitude SOC
- Nettitude CERT
- Vulnerability Assessment and Configuration Reviews
- Penetration Testing
- Nettitude Bug Bounty Program
- Nettitude Red Teaming and Simulated Targeted Attack and Response (STAR)
- Nettitude GRC (Assist with compliance testing and IT Internal Audit)
Founded in 2003, Nettitude is an award-winning provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace. Leveraging our tenacious curiosity, we aim to operate at the forefront of the industry. Through our research and innovation centres, Nettitude provides threat led services that span technical assurance, consulting and managed detection and response offerings.
We are driven by a desire to build and deliver the best cybersecurity propositions in the industry and stay abreast of the evolving legislative and regulatory cybersecurity landscape. This helps our clients to prioritise their cybersecurity risks, enabling them to focus on the activities that are core to their business.
We aim to empower our clients, imparting knowledge, advice and assistance to help them deploy changes in behaviour, understanding, and where appropriate, culture. This methodology is at the core of our services, helping provide pragmatic cybersecurity for industries such as Finance & Banking, IT, Technology and Engineering, Maritime, Offshore, Retail, Healthcare, Manufacturing and Critical National Infrastructure.
Request a free quote