Cybersecurity @ Capgemini Consulting
Capgemini Consulting Cybersecurity Service Portfolio
July 015
Transform to the power of digital

Growing requirements and recent trends continue to pose new challenges to Cybersecurity and endanger the success of Digital Transformation for today's companies

Cybersecurity challenges
New requirements and trends: Slowly growing Cybersecurity budgets; Regulatory pressure and new laws; Business demanding higher flexibility; Complex ecosystem; Low awareness level of employees due to lack of holistic programs; Constrained security resources
Trends from Digital Transformation: Mobility; Cloud; Big Data; Social
Employees attacked by phishing, social engineering; Industrialization of hacking, professional attack software as a service; National intelligence agencies with unlimited resources; Organized cybercrime with sophisticated attacks

Capgemini supports a successful transformation of the Cybersecurity function into an integrated, strategic and risk-focused business partner

Cybersecurity Ecosystem
Capgemini Consulting Cybersecurity Framework
STRATEGY & GOVERNANCE; ORGANIZATION & PEOPLE; PROCESSES; TECHNOLOGY
CYBERSECURITY & INFORMATION PROTECTION MATURITY ASSESSMENT; CYBERSECURITY RISK MANAGEMENT; AWARENESS.0; CYBERSECURITY TARGET OPERATING MODEL (ISMS); SECURITY EXPERT TRAINING; CRISIS MANAGEMENT; IDENTITY AND ACCESS MANAGEMENT; MOBILE SECURE; END-POINT SECURITY; DATA CENTER SECURITY/SOC SERVICES; APPLICATION AND OT SECURITY
Program; Organization Transformation & Professionalization; Change & Communication

Deep Dive - Cybersecurity Offerings

Capgemini performs its Cybersecurity & Information Protection (CySIP) Maturity Assessment based on a proven approach and standardized tools

CySIP Maturity Assessment approach
C-LEVEL AND BUSINESS-ORIENTED, STRUCTURED APPROACH FOR AN ACCELERATED INCREASE OF CLIENT'S MATURITY AND DEFINITION OF A CYBERSECURITY STRATEGY

Phase: SCOPING & VISIONING
Activities: Define scope of assessment; Derive strategic guidelines; Determine client-specific threats; Identify business-critical information and systems
Results: Aligned questionnaires; Defined strategic guidelines; Overview of business-critical information and systems

Phase: MATURITY ASSESSMENT
Activities: Conduct focus interviews with business and IT to assess maturity; Identify vulnerabilities and gaps; Benchmark with best practices; Define pain points, quick wins and long-term measures
Results: Overview of evaluated vulnerabilities and gaps; Assessed CySIP maturity; Measurement catalogue

Phase: TRANSFORMATION ROADMAP
Activities: Prioritize measures; Define high-level business case; Define transformation plan; Align results with stakeholders; Prepare decision documents
Results: Aligned and prioritized measures; High-level business case; Transformation plan; Final decision documents

[Figures: thumbnails of sample deliverables, including a to-be IT demand organization chart and a maturity benchmark against a peer group across the dimensions Strategy, Governance Structure, IT Compliance, IT Risk, BCM/DRM, Audits, Data Privacy and Security Incident Reporting]

Why Capgemini Consulting?
C-Level and business-oriented for alignment with business/IT strategy; Toolkit of proven questionnaires for accelerated maturity assessment; Extensive benchmark database for peer comparison; Collaborative approach to define clear strategy

Capgemini helps organizations to protect their critical information assets using optimal investment strategies that minimize operational risk

Cybersecurity Risk
BUSINESS-FOCUSED, STRUCTURED AND PRACTICAL RISK MANAGEMENT METHODOLOGY BASED ON RIGOROUS ASSESSMENT TO CREATE A HOLISTIC PROFILE OF DIGITAL RISKS

Phase: VISIONING & AS-IS ANALYSIS
Activities: Define scope of risk assessment; Identify critical information assets; Assess business impact (business impact analysis); Perform gap analysis and define measures
Results: Assessment scope; Realistic and worst-case inherent business impact ratings; Overview gaps/measures

Phase: TO-BE DESIGN
Activities: Describe procedures & interfaces; Define roles & responsibilities and KRIs; Develop reporting; Profile threats and vulnerabilities; Develop questionnaires
Results: Policy and process description; Role descriptions/RACI; Reporting templates; Risk assessment templates

Phase: RISK ASSESSMENT & IMPLEMENTATION
Activities: Conduct risk assessments with business and IT to identify and evaluate risks; Create a holistic risk register; Define risk mitigation measures; Implement process
Results: Validated risk assessment results; Consolidated risk register; Measurement catalogue; Training material & reporting

[Figures: sample risk matrix (Probability vs. Impact, each rated LOW / MEDIUM / HIGH) and a sample risk report summary with three sections. Current topics: overview of current, group-wide topics, e.g. IT projects, changes in IT outsourcing. Assessment: summary of the assessment of group-wide risks and the status of the risk indicators (Early Warning System). Measures: implementation status of risk-treatment measures for material risks.]

Why Capgemini Consulting?
Proven best practices approach to create a holistic risk profile; Focus on business perspective ("Digital Risk"); Practical methodology with rigorous assessment process; Best practice templates to focus on key risks

Awareness initiatives offered by Capgemini leverage broad communication campaigns and targeted training for roles with high risk profiles

Cybersecurity Awareness.0
PROACTIVELY TACKLE SECURITY THREATS BY INTRODUCING POSITIVE SECURITY BEHAVIORS THROUGH A HOLISTIC CYBERSECURITY AWARENESS CAMPAIGN

Phase: QUICK SCAN
Objectives: REVIEW RISKS, EXISTING AWARENESS INITIATIVES AND ANALYZE STAKEHOLDER AND TARGET GROUPS

Phase: CONTENT ADAPTION
Objectives: PRAGMATIC ADOPTION AND CREATION OF AWARENESS CONTENT, OUTLINE OF KPIs AND MULTIPLIERS

Phase: PLANNING
Objectives: DEFINE TRANSFORMATION ROADMAP FOR PRIORITIZED MEASURES

[Figures: sample stakeholder map of external and internal stakeholders, sample roadmap with short-term, mid-term and long-term horizons, and the sample awareness content reproduced below]

Sample awareness content: Possible threats while on tour; Secure usage of wireless services; Remote access capabilities

The Dark hotel attack is targeting high-profile business travelers

Dark hotel attack step by step:
You connect to the already infected hotel Wi-Fi with your laptop or Smartphone
You receive a fake software update notification on your device ("An update is ready to install!")
You install the faked update which is a spy software that gives hackers access to the PC
Hackers steal data, record keystrokes and infiltrate the network

Tips for using foreign Wi-Fis:
1. Always use the Company VPN connection for any transmission of confidential data
2. Do not download or apply any updates in foreign Wi-Fis
3. Turn off the wireless functions (Wi-Fi, Bluetooth, GPS and NFC) of your mobile devices when you don't need them
4. Always check if websites use the HTTPS standard in the address bar
5. Always keep your antivirus software up-to-date (update at Company or at home)
6. If you are unsure, use the roaming package of your phone or your UMTS laptop adapter instead
Please remember: Hackers use fake update notifications to get you to install malware on your computer.

Why Capgemini Consulting?
Structured, proven approach to optimize ongoing campaigns; Flexible and easy-to-adopt solutions; Extensive knowledge in change and communication mgmt; Measurable impact based on implemented KPIs

Capgemini Consulting relies on a strong and global Cybersecurity capability network within the Capgemini Group

Capgemini Group offers and capabilities
Digital security assessment & strategy and risk management
Cybersecurity Awareness
Transformation
Security transformation program management
Build
Security technical assessment
Design and implementation of security solutions

,500+ Capgemini resources with Cybersecurity skills
Locations: Canada; United States; Mexico; Guatemala; Morocco; All over Europe; United Arab Emirates; India; Japan; People's Republic of China; Taiwan; Vietnam; Philippines; Colombia; Malaysia; Brazil; Singapore; Chile; Argentina; South Africa; Australia; New Zealand

Thank you.

Dr. Guido Kamann
Head CIO Advisory Services DACH
Capgemini Suisse S.A.
Leutschenbachstrasse 95
CH-8050 Zürich
Phone: +41 44 560 400
E-Mail: guido.kamann@capgemini.com

Dr. Paul Lokuciejewski
Lead of Cybersecurity Consulting
Capgemini Deutschland GmbH
Berliner Str. 76
D-6065 Offenbach
Phone: +49 151 405 0855
E-Mail: paul.lokuciejewski@capgemini.com