Who We Serve

FinCSIRT currently offers various services to different parties, including but not limited to the following:

Specialized Services for the Financial Sector

  • Sectoral Information Security Development Services
    • Assisting the Central Bank of Sri Lanka (The Regulator) in sector information security posture building
    • Assisting financial sector affiliated stakeholders in providing secure services to financial institutes
      • Working with Sri Lanka CERT | Digital Ministry | SLBA | CID | Vendors, etc.
    • Uplifting the information security resiliency of the Sri Lankan financial sector
      • Publishing of information security best practices and standards (Framework and Baseline Controls)
      • Assessing the information security readiness of the financial sector institutes (R&D: Likelihood Calculation Algorithm)
      • Continuous uplifting of the capabilities of personnel responsible for handling information security incidents with simulated live threat environments (Cyber War Games)
      • Uplifting individual institutes’ strength in information security resiliency
        • Service Level Agreement-based services by FinCSIRT to its members (CORE & ISOC Services)
        • Acting as internal Information Security Consultant for financial institutes
        • Assisting in conducting training and awareness programs for organizational employees
        • Assisting in the implementation of information security best practices and standards
  • Global Information Security Development Services
    • Supporting international FinCSIRTs and CERTs for information security development
    • Coordinating and cooperating with international CERTs for incident response activities

Value Added Services (VAS)

At FinCSIRT, we offer a comprehensive suite of Value-Added Services (VAS) designed to enhance the cybersecurity posture of our clients.

Phishing Simulation Tests

Simulated phishing attacks designed to evaluate employee awareness and response to social engineering threats.

Vulnerability Assessments

Systematic evaluation of IT assets to identify security weaknesses and potential risks.

Penetration Testing

Controlled, ethical hacking to test and strengthen system defenses against real-world attacks.

Gap Analysis against CBSL Regulations

Assessment of organizational processes to identify compliance gaps with Central Bank of Sri Lanka regulations.

IT General Controls Audit

Comprehensive review of IT policies, procedures, and controls to ensure reliability, security, and regulatory compliance.

Awareness Campaigns

Raising staff awareness on IT security best practices and policies.