SECURITY - GOVERNANCE - RISK - COMPLIANCE
Trusted Client, Financial industry
Security Transformation, IT Services
December 22, 2006
An organization within financial industry required an optimized process for workstation distribution and pre-set design for security. Project was part of an IT Security Transition work stream and functioned as a sub-project. The organization had multiple workstation platforms and images that were created by combining a variety of software components together and, needed to document security settings for each component that the Vendor was responsible for implementing on each workstation.
As Framework for Windows workstation security settings was need to be developed and implemented. Collectively, the documents were to become a framework, aka Workstation Information System Control Document. In general it was the Vendors responsibility for kernel and infrastructure components, including e-mail-system and Microsoft Office and client was responsibility for various add-on components.
The overall organization existed of 600+ users that average needed to renew workstation approximately every 3 years. The Security Transformation Work Stream Program was to create a new ordering model with supporting processes and procedures that streamlined all resources needs covering the whole organization.
It also needed to adhere to the transformation phase of the Global Corporate Cybersecurity Strategy and Governance journey the organization had started.
In order to ensure a globally successful Workstation Security Framework, the project needed to document security settings for each component that IBM is responsible for. As sub-project to a larger transformation program, a Framework for Windows workstation security settings was developed and implemented. Collectively, these documents became a framework, aka Workstation Information System Control Document.
In general the Vendor was responsibility for kernel and infrastructure components, including e-mail systems, Microsoft Office. The organization was responsibility for various add-on components, including applications that could not be included in a digitilized pre-installed configuration.
The overall set of completed deliverables included the framework and manuals for use by end users when requesting a new workstation.
The procurement was divided into different parts in order to ensure that scope was clearly defined.
The project was complete when components had been identified and Workstation Information System Control Document and associated with the Workstation Security Framework document had been produced, and successfully handed over to line organization.
Contact Fogel Consulting through the contact form to receive further information and possibility to present your own case and business needs.