- Client: Stoner Bunting Gift Cards
- Discipline: Digital Research & Strategy, Security
Cyber Security Project
Stoner Bunting Gift Cards provides program management and fulfillment services that help brands drive sales, loyalty and growth. While most gift cards are not regulated by the Payment Card Industry Data Security Standard (PCI DSS), Stoner Bunting recognized the need to provide a similar level of security to protect both their clients and their own business from cyber security threats.
Node9 was hired by Stoner Bunting to evaluate their current cyber security approach and make recommendations for how it could be improved.
The project was broken out into three phases: Discovery, Design and Implementation. Each phase had specific goals and deliverables.
The Discovery phase involved interviewing internal staff and management, independently reviewing current practices and aligning them with industry standards. We chose to use CIS Critical Security Controls as a benchmark because it is considered one of two best practice standards in the IT industry and because it clearly maps a number of its recommended controls to PCI DSS standards.
During the Design phase we completed a gap analysis to match current efforts against the CIS Controls, highlighting areas where Stoner Bunting was doing well and areas that needed improvement.
For the Implementation phase, we prioritized the gaps identified in the Design phase based on their criticality as well as the cost and ease of closing the gap. We created a project plan and, one by one, made improvements to their cyber security. Some of the improvements we made include:
- Improved password management tools
- Two-factor authentication
- Incident management documentation and process
- Critical data backup and recovery process