Post on 18-Mar-2018
Transform to the power of digital
Cybersecurity @ Capgemini Consulting
Capgemini Consulting Cybersecurity Service Portfolio
July 2015
Growing requirements and recent trends continue to pose new challenges to Cybersecurity and endanger the success of Digital Transformation for today’s companies
Cybersecurity challenges
Copyright © 2015 Capgemini Consulting. All rights reserved.
New requirements and trends:
• Organized cybercrime with sophisticated attacks
• Industrialization of hacking, professional attack software “as a service”
• National intelligence agencies with unlimited resources
• Employees attacked by phishing, social engineering …
• Regulatory pressure and new laws
• Business demanding higher flexibility
• Complex ecosystem
• Slowly growing Cybersecurity budgets
• Constrained security resources
• Low awareness level of employees due to lack of holistic programs
Trends from Digital Transformation: Mobility, Cloud, Big Data, Social
Capgemini Consulting Cybersecurity Framework
Capgemini supports a successful transformation of the Cybersecurity function into an integrated, strategic and risk-focused business partner
Framework layers: Strategy & Governance; Organization & People; Processes; Technology
Cross-cutting streams: Organization Transformation & Professionalization; Program Management; Change & Communication Management; Cybersecurity Ecosystem
Cybersecurity offerings (1 to 3 are detailed in the deep dive on the following slides):
1 Cybersecurity & Information Protection Maturity Assessment
2 Cybersecurity Risk Management
3 Awareness 2.0
• Cybersecurity Target Operating Model (ISMS)
• Security Expert Training
• Crisis Management
• Identity and Access Management
• Mobile Secure
• End-Point Security
• Data Center Security / SOC Services
• Application and OT Security
CySIP Maturity Assessment approach
Capgemini performs its Cybersecurity & Information Protection (CySIP) Maturity Assessment based on a proven approach and standardized tools
Phase 1: Scoping & Visioning
Activities: Define scope of assessment; Derive strategic guidelines; Determine client-specific threats; Identify business-critical information and systems
Results: Aligned questionnaires; Defined strategic guidelines; Overview of business-critical information and systems
Phase 2: Maturity Assessment
Activities: Conduct focus interviews with business and IT to assess maturity; Identify vulnerabilities and gaps; Benchmark with best practices; Define pain points, quick wins and long-term measures
Results: Overview of evaluated vulnerabilities and gaps; Assessed CySIP maturity; Measurement catalogue
Phase 3: Transformation Roadmap
Activities: Prioritize measures; Define high-level business case; Define transformation plan; Align results with stakeholders; Prepare decision documents
Results: Aligned and prioritized measures; High-level business case; Transformation plan; Final decision documents
Sample deliverable (figure): implementation plan from Q4 2014 to 2016 with the work streams Management & Governance, Int. Organization & Client, Applications & Operating System, and Network & Hardware. Planned activities:
• Analyze data privacy organization
• Design IS policy framework
• Outline governance principles for data
• Describe governance profiles and roles
• Transform to new organization
• Analyze business & IT requirements
• Develop security architecture model
• Design technical solutions
• Build and customize designed solution
• Test and deploy services
• Conduct risk and stakeholder analysis
• Perform survey to assess awareness level
• Develop awareness concept
• Design awareness objects
• Implement awareness objects
• Perform second survey to measure effectiveness
• Define business continuity strategy
• Develop decision structures
• Develop organization plan
• Define business impact analysis (BIA)
• Conduct business impact analysis
• Formulate SLAs
• Define business continuity plans
Sample deliverable (figure): organization chart of a to-be IT demand organization. The to-be organization features an org-line for functional business interaction as well as for supply management to enhance the capabilities.
Chart elements include: Global IT Management; Global Supply Management with Internal Supply (SAP, IM) and External Supply (EDM); Global Functional Information Management (R&D, RES-QS, Manufact., S&M); Business Information Manager (BIM); Business Consulting (SAP, EDM); IT Strategy; Architect; Project Portfolio Mgmt; Technology Innovation; Quality Mgmt; Service Mgmt; HR; Controlling; Contract Management; Local IT Mgmt (Germany, France, Netherlands, R.o.W.); and communication lines to the business (key users).
• Vacant positions in Global Functional Information Management (GFIMs) are re-staffed and enhanced by business consulting capabilities for SAP and EDM
• New organizational line manages Pharma-specific supply as well as internal and external providers
Sample deliverable (figure): maturity benchmark on a scale from 0 to 4 across the dimensions 1.1 Strategy, 1.2 Governance Structure, 1.3 IT Compliance Management, 1.4 IT Risk Management, 1.5 BCM/DRM, 1.6 Audits, 1.7 Data Privacy and 1.8 Security Incident Reporting, comparing the client (Bundesministerium für Finanzen, Public Sector) with the top performer in its peer group and the total average of all participants.
C-LEVEL AND BUSINESS-ORIENTED, STRUCTURED APPROACH FOR AN ACCELERATED INCREASE OF CLIENT’S MATURITY AND DEFINITION OF A CYBERSECURITY STRATEGY
Why Capgemini Consulting?
• C-Level and business-oriented for alignment with business/IT strategy
• Toolkit of proven questionnaires for accelerated maturity assessment
• Extensive benchmark database for peer comparison
• Collaborative approach to define clear strategy
Framework layers: Technology, Processes
Cybersecurity Risk Management
Capgemini helps organizations to protect their critical information assets using optimal investment strategies that minimize operational risk
Phase 1: Visioning & As-Is Analysis
Activities: Define scope of risk assessment; Identify critical information assets; Assess business impact (business impact analysis); Perform gap analysis and define measures
Results: Assessment scope; Realistic and worst-case inherent business impact ratings; Overview gaps/measures
Phase 2: To-Be Design
Activities: Describe procedures & interfaces; Define roles & responsibilities and KRIs; Develop reporting; Profile threats and vulnerabilities; Develop questionnaires
Results: Policy and process description; Role descriptions/RACI; Reporting templates; Risk assessment templates
Phase 3: Risk Assessment & Implementation
Activities: Conduct risk assessments with business and IT to identify and evaluate risks; Create a holistic risk register; Define risk mitigation measures; Implement process
Results: Validated risk assessment results; Consolidated risk register; Measurement catalogue; Training material & reporting
BUSINESS-FOCUSED, STRUCTURED AND PRACTICAL RISK MANAGEMENT METHODOLOGY BASED ON RIGOROUS ASSESSMENT TO CREATE A HOLISTIC PROFILE OF DIGITAL RISKS
Why Capgemini Consulting?
• Proven best practices approach to create a holistic risk profile
• Focus on business perspective (“Digital Risk”)
• Practical methodology with rigorous assessment process
• Best practice templates to focus on key risks
Framework layers: Technology, Processes
Sample deliverable (figure): risk heat map plotting probability (LOW, MEDIUM, HIGH) against impact (LOW, MEDIUM, HIGH) for the identified risks 1 to 14, including sub-risks 9a to 9d and 14a/14b.
Sample deliverable (table, translated from German): risk report with the sections Current topics, Assessment and Measures.
Topic area | Count | Green | Yellow | Orange | Red | Change vs. previous period
Topic 1 | 2 | 0 | 0 | 2 | 0 | #DIV/0!
Topic 2 | 0 | 0 | 0 | 0 | 0 | #DIV/0!
Topic 3 | 0 | 0 | 0 | 0 | 0 | #DIV/0!
Topic 4 | 1 | 0 | 0 | 1 | 0 | #DIV/0!
Management Summary:
• Presentation of the implementation status of risk-treatment measures for material risks
• Overview of current group-wide topics, e.g. IT projects, changes in IT outsourcing
• Summary of the assessment of group-wide risks and the status of the risk indicators (Early Warning System)
• Commentary
Cybersecurity Awareness 2.0
Awareness initiatives offered by Capgemini leverage broad communication campaigns and targeted training for roles with high risk profiles
Phase 1: Quick Scan. Objectives: Review risks and existing awareness initiatives; analyze stakeholder and target groups
Phase 2: Content Adaption. Objectives: Pragmatic adoption and creation of awareness content; outline of KPIs and multipliers
Phase 3: Planning. Objectives: Define transformation roadmap for prioritized measures
Sample deliverable (figure): mobile use-case roadmap from short term via mid term and long term to the strategic goal, covering Store Front, Timesheet, Workforce Management, Mobile CRM, Mobile Worker, Approvals, Interactive Dashboards, Mobile Executive Reports, Employee Tracking, Self-Service Operations, Support, Mobile Sales, Training, Documentation, Collaboration Tools, Mobile Service, Customer Factsheets, Customer Interaction Tracker, Pushed Information, Automated Services, Product Information and Assistance Services.
Sample deliverable (figure): stakeholder map distinguishing external stakeholders from internal stakeholders (the target audience).
Internal stakeholders: Leadership team (Global, Europe); Europe leadership team (first line leaders: Unit A, Unit B, Unit C); Employees Europe (Unit A, Unit B, Unit C); Rest of Europe organisation (employees of other units); Corporate Functions (Communications, HR); Joint project team (other projects within Company); Workers’ council; Change Program.
External stakeholders: Retailers; Other distributors; Consumers; Manufacturers.
Sample awareness content: The “Dark hotel” attack is targeting high-profile business travelers
Please remember: Hackers use fake update notifications to get you to install malware on your computer.
“Dark hotel” attack – Step by step
1. You connect to the already infected hotel Wi-Fi with your laptop or Smartphone
2. You receive a fake software update notification on your device (“An update is ready to install!”)
3. You install the faked update, which is spy software that gives hackers access to the PC
4. Hackers steal data, record keystrokes and infiltrate the network
Tips for using foreign Wi-Fis
1. Always use the Company VPN connection for any transmission of confidential data
2. Do not download or apply any updates in foreign Wi-Fis
3. Turn off the wireless functions (Wi-Fi, Bluetooth, GPS and NFC) of your mobile devices when you don’t need them
4. Always check if websites use the HTTPS standard in the address bar
5. Always keep your antivirus software up-to-date (update at Company or at home)
6. If you are unsure, use the roaming package of your phone or your UMTS laptop adapter instead
Awareness topics: Possible threats while on tour; Secure usage of wireless services; Remote access capabilities
Framework layers: Technology, Processes, Strategy & Governance
Why Capgemini Consulting?
• Structured, proven approach to optimize ongoing campaigns
• Flexible and easy-to-adopt solutions
• Extensive knowledge in change and communication mgmt
• Measurable impact based on implemented KPIs
PROACTIVELY TACKLE SECURITY THREATS BY INTRODUCING POSITIVE SECURITY BEHAVIORS THROUGH A HOLISTIC CYBERSECURITY AWARENESS CAMPAIGN
Capgemini Consulting relies on a strong and global Cybersecurity capability network within the Capgemini Group
Capgemini Group offers and capabilities
2,500+ Capgemini resources with Cybersecurity skills, located in Canada, United States, Mexico, Guatemala, Colombia, Brazil, Chile, Argentina, all over Europe, Morocco, South Africa, United Arab Emirates, India, People’s Republic of China, Taiwan, Japan, Vietnam, Philippines, Malaysia, Singapore, Australia and New Zealand
Capgemini Group offers, grouped into Management, Transformation and Build:
• Digital security assessment & strategy and risk management
• Cybersecurity Awareness
• Security transformation program management
• Security technical assessment
• Design and implementation of security solutions
Thank you.
Dr. Guido Kamann Head CIO Advisory Services DACH
Capgemini Suisse S.A. Leutschenbachstrasse 95 CH-8050 Zürich
Phone: +41 44 5602 400 E-Mail: guido.kamann@capgemini.com
Dr. Paul Lokuciejewski Lead of Cybersecurity Consulting
Capgemini Deutschland GmbH Berliner Str. 76 D-63065 Offenbach
Phone: +49 151 4025 0855 E-Mail: paul.lokuciejewski@capgemini.com