FinCSIRT - About Us

Sri Lanka Financial Sector Computer Security Incident Response Team

(FinCSIRT)

"Together, We Build a Secure Financial Sector"

Services We Offer

FinCSIRT currently offers various services to different parties, not limited to the following:

  • 40 Banks and Finance Companies
  • Central Bank of Sri Lanka
  • Sri Lanka Bankers Association
  • Sri Lanka CERT | CC
  • LankaPay (Pvt) Ltd
  • Supporting parties for the Sri Lanka Financial Sector – Vendors, CID, Ministries…etc.
  • Global parties – Financial Sector Security Teams (Globally), Asian Pacific CERTs…etc.

FinCSIRT currently offers the following services to the affore mentioned parties:

  • Sectoral Information Security Development Services
    • Assisting the Central Bank of Sri Lanka (The Regulator) in sector information security posture building
    • Assisting the financial sector affiliated stakeholders in providing secure services to the financial institutes
      • Working with Sri Lanka CERT | Digital Ministry | SLBA | CID | Vendors …etc.
    • Uplifting the information security resiliency of the Sri Lankan financial sector
      • Publishing of information security best practices and standards (Framework and Baseline Controls)
      • Assessing the information security readiness of the financial sector institutes (R&D: Likelihood Calculation Algorithm)
      • Continuous uplifting the capabilities of the personal responsible for handling information security incidents with simulated live threat environments (Cyber War Games)
      • Uplifting the individual institutes strength in information security resiliency
        • Service Level Agreement based services by FinCSIRT to its members (CORE & ISOC Services)
        • Act as internal Information Security Consultant for the Financial Institutes
        • Assist conducting training and awareness for the organization employees
        • Assisting the implementation of information security best practices and standards
  • Global Information Security Development Services
    • Supports international FinCSIRTs and the CERTs for information security development
    • Coordinate and corporate with international CERTs for incident responses activities

Value Added Services (VAS)

At FinCSIRT, we offer a comprehensive suite of Value-Added Services (VAS) designed to enhance the cybersecurity posture of our clients.

  • Phishing Simulation Tests
  • Vulnerability Assessments
  • Penetration Testing
  • Gap Analysis against CBSL Regulations
  • IT General Controls Audit