Case Study: CEC Bank achieves centralized IT risk governance with Qualys' QualysGuard VM

Bringing Governance to IT Risk Management

CEC Bank, Romania’s largest commercial bank with over 1,200 branches and hundreds of servers across main and disaster-recovery data centers, needed a centrally administered way to manage IT vulnerabilities and meet regulatory and industry compliance. Fragmented, ad-hoc handling of flaws and configuration changes left the bank exposed to potential attacks and compliance gaps, prompting the creation of a chief information security officer role and a consolidated risk-management mandate.

CEC Bank implemented QualysGuard VM’s SaaS vulnerability-management solution to automate discovery, prioritization, scanning and remediation tracking across its external and internal networks and remote branches. The on-demand deployment was easy to roll out and integrate with existing security controls, improving governance, streamlining workflows, and helping the bank meet national and international standards (including ISO 27001); CEC plans to extend QualysGuard to its disaster-recovery site and deepen its use across the organization.

CEC Bank

Razvan Cosmin Grigorescu

Chief information security officer