TECHNICAL SECURITY REVIEW OF SYSTEMS AND DATA
Trusted Client, Finance industry
Security Transformation, IT Services
February 28, 2010
A global company with operations in 100+ countries needed a system and data review to analyse its current system security posture.
A system currency analysis of health check results was needed. The objectives of this health check were to establish system remediation process optimization and assurance of continued system currency quality in daily operations.
There was also a need to strengthen the process for installation and maintenance of systems and data.
Technical security review of systems, platforms, software and application data management
The globally spread organization used various processes and tools for acquiring new systems that had several layers of maturity and could not easily be overviewed. The lack of a central view with insight into ongoing projects, pipeline and future needs did not enable a standardized approach for acquiring new systems.
In addition, there was no organization standard for system hardening, nor were system controls implemented to detect vulnerabilities and weaknesses in the organization's assets.
In order to ensure a global standard that would work for all countries, a project was launched in phases covering all classic project phases from planning, initiating, design, implementation, handover and closure. Each phase had its own target and goals:
- Phase 1.
  - Install tools and extract current values of security settings across all systems, middleware, software and databases.
  - Create gap analysis of detected deviations and threats.
  - Separate false findings from true findings.
  - Risk assessment of all findings, including probability and impact analysis.
- Phase 2.
  - Plan and execute remediation of existing vulnerabilities and threats.
  - Implement mitigating controls where system remediation is not possible (e.g. system dependent).
- Phase 3.
  - Review and update the current process for acquiring new systems to adhere to the organization's minimum security standard.
  - Review and update the process and tools for system security checks with minimum repeated checks and actions.
  - Implement the new processes for acquisition and system maintenance.
The overall set of completed deliverables included:
- Deep analysis of business system security settings
- Documentation of detected vulnerabilities and threats.
- A root cause analysis of health check deviations.
- Recommendations for remediation and/or mitigation of system settings deviations.
- Organization's corporate security strategy and policy reviewed and updated.
- Process optimizations for system installation and maintenance.
- Remediation plan with stakeholder and owner assigned for actions.
IT consulting service with support for development and maintenance in the form of consulting advice with focus on IT and Information Security and Risk Management, adherence to Compliance (legal and regulatory requirements), and leading implementation of management systems for control of IT and Information Systems (ISMS/LIS).