Background:
A global data solutions provider seeking to implement an information security management system in order to proactively identify, prevent and mitigate cybersecurity risks. This is in alignment with compliance regulations such as the ISO 27001 framework, GDPR requirements, and practices of industry peers.
Approach:
Implementation of industry-standard Information Security Management System along with benchmarking of technical requirements based on industry peer practices
Value:
Reduction in residual risk and alignment with rigorous outsourced solution provider industry requirements
Challenges:
- Culture of innovation seen as antithetical to a rigorous information security environment
- Unmitigated risks due to process and technology/tool gaps
- Hybrid environment of cloud + legacy
Solution Elements:
- Cybersecurity risk assessment and gap identification
- ISO 27001 and GDPR alignment assessment
- Benchmarking with peer organizations
- High-security work area requirements
- Policy, process technology gap analysis
- Remediation planning based on cost-benefit and cost of no-action
- Remediation and long-term sustenance
- Leadership alignment and involvement in solution design discussions
- Strengthened information security management system
- Risk governance enhancement
- Stronger alignment with business requirements
- Enhanced reporting, monitoring, and response through tool utilization/implementation; attrition management
Benefits:
- Significant cybersecurity risk reduction through a programmatic approach involving tool implementation, process enhancement, and people alignment
- Proactive preparedness for customer /InfoSec audit and GDPR readiness
Positka deployed a fit-for-purpose solution to support this organization’s need for identifying and implementing industry practices thereby proactively reducing risk.
