© CGI Group Inc. Confidential
Assess the risk. Protect your business. Operate with
confidence
Mika Hållfast, Director, Global Cyber Security, CGI
Confidential
Agenda & Introduction
“Organizations globally are balancing compliance-driven
cybersecurity with security work enabling changing
structures and growing business. With global, industry and
organization based challenges, organizations struggle to
ensure secure operating environment. “
1. Changes in threat actors and operating environment
2. Cybersecurity we need today
3. CGI in Cybersecurity
4. Key takeaways
2
Mr. Mika Hållfast
Director – Global Cybersecurity Bachelor of Engineering (B.Sc.)
Confidential
Cybersecurity we need today
Confidential
Modern Cybersecurity Operations
→ The modern cyber security program must reflect an elevation in strategic position and intent within
the business. It must also move beyond a traditional “defensive” mindset to improved detection
and response capability.
→ We must move from a compliance-driven approach to a risk-driven approach – build a proactive
capability based on a specific risk profile and not on a generic set of compliance standards.
Develop and implement
the appropriate
safeguards to ensure
delivery of critical
infrastructure services.
Develop and implement
the appropriate activities
to identify the occurrence
of a cybersecurity event.
Develop the organizational
understanding to manage
cybersecurity risk to
systems, assets, data, and
capabilities.
IDENTIFY
STRATEGIC ELEVATION ( POLICY, GOVERNANCE, TRAINING & AWARENESS….)
PREVENT DETECT RESPOND
Develop and implement the
appropriate activities to
take action regarding a
detected cybersecurity
event.
Confidential
The Security Operations we need today
Predictive
5
Confidential 6
Confidential 7
Preventive
Preventive controls remain to be efficient for
majority of threats. New emerging technologies with
machine learning will ensure they will remain
efficient for the visible future.
Challenges with preventive control technologies
include the resources needed for continuous
optimization to ensure coverage and adaption to
evolving threats.
Usually controls are not managed holistically but
reside in several organizational or outsourcing
structures reducing the overall security created.
Confidential
Detective
Near Real-time Detection and Analysis of on going
Security Threats
• Incident Management, Response and Forensic
Investigation
• Operated by Teams of Highly Skilled Security
Professionals
• Empowered by Global Situational Awareness
and Threat Intelligence
8
Confidential
Retrospective
“Advanced threats” are difficult to identify with
traditional tools and technologies, in some cases
they are tailored to evade local capabilities.
New approach is needed.
Example of service
Confidential
Predictive
• Anticipation of targeted
threats on the rise
• Supports proactive mitigation
of emerging threats
• Enables automation of
preventive security controls
• Provides Contextual Insight to
Security Operations Teams
and drives more accurate
Triage of Incidents
Continuous Analysis and Fusion of Threat Information and Client Contextual Data to produce
Actionable Threat Intelligence
Confidential
CGI in Cybersecurity
Confidential
CGI Global Cyber Security Strong Cyber Security Capability and Credentials
40+ years of experience in
information security across
government and commercial sectors.
3 accredited test facilities
Canada, US and UK.
Independence in technology,
delivery, service model and
operations.
7 Security Operations
Centers globally
1400 cyber professionals
globally
Tested and proven in some of the
world’s most sensitive and complex
environments
We help businesses and government clients to assess the risk, protect the
business and operate with confidence in the digital world
Confidential
CGI Cybersecurity services
Continuous Security services
Technical Security services
High End consulting services
Confidential
Global SOC network
14
Confidential
Key takeaways
Confidential
Next steps in Cybersecurity
• Automated (CVM) vs. static (CMDB)
• Data assets - Physical assets - Cloud
Identify Assets
• Security devices
• Security monitoring
Build Detective capabilities
• Data assets
• Physical assets
• GDPR
Focus on critical assets
• Don’t only focus on compliance
Not only compliance
16
Confidential
Mika Hållfast
@cgi.com