Address C-level Cybersecurity issues to enable and secure Digital transformation

Similar documents
Cybersecurity Strategic Consulting

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring

Testing the Security of your Applications

A NEW APPROACH TO CYBER SECURITY

Testing the Security of your Applications

Project, Program & Portfolio Management Help Leading Firms Deliver Value

NNIT Cybersecurity. A new threat landscape requires a new approach

Website (Digital) & Mobile Optimisation. 10 April G-Cloud. service definitions

The Aerospace & Defence industry of tomorrow

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

My Experience. Serve Users in a Way that Serves the Business.

Cybersecurity The role of Internal Audit

How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI

Key Cyber Risks at the ERP Level

Cyber security Building confidence in your digital future

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Fraud Solution for Financial Services

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Automotive Suppliers and Cybersecurity

FFIEC Cybersecurity Assessment Tool

Wealth management offerings for sustainable profitability and enhanced client centricity

Cyber Security Evolved

Cyber Security - What Would a Breach Really Mean for your Business?

Logging In: Auditing Cybersecurity in an Unsecure World

Core Banking Transformation using Oracle FLEXCUBE

THE WORLD IS MOVING FAST, SECURITY FASTER.

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Detecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.

State of Security Survey GLOBAL FINDINGS

Microsoft s cybersecurity commitment

Preemptive security solutions for healthcare

Security & privacy in the cloud; an easy road?

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

Digital Customer Experience

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Transforming Your Core Banking and Lending Platform

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

CONSULTING IMAGE PLACEHOLDER

Cybersecurity Delivering Confidence in the Cyber Domain

Big Data, Big Risk, Big Rewards. Hussein Syed

Cybersecurity. Considerations for the audit committee

CYBER SECURITY TRAINING SAFE AND SECURE

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Capgemini and Pegasystems: Delivering Business Value through Partnership

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Cybersecurity and Privacy Hot Topics 2015

CyberSecurity Solutions. Delivering

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

National Cyber Security Policy -2013

Strengthen security with intelligent identity and access management

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Metrics that Matter Security Risk Analytics

How To Protect Your Network From Attack From A Network Security Threat

Risk and responsibility in a hyperconnected world: Implications for enterprises

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Payment Card Industry Data Security Standard

Managed Security Services

Regulatory Compliance Management for Energy and Utilities

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

CYBER SECURITY Audit, Test & Compliance

Application Security Testing Powered by HPE Fortify on Demand. Managed application security testing available on demand

Securing Critical Information Assets: A Business Case for Managed Security Services

RSA Archer Risk Intelligence

Meeting the challenge of software quality and maximizing return on investment Performance driven. Quality assured.

The Evolution of Application Monitoring

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Developing National Frameworks & Engaging the Private Sector

The Benefits of an Integrated Approach to Security in the Cloud

CYBER SECURITY, A GROWING CIO PRIORITY

The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

BT Assure Threat Intelligence

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Managing cyber risks with insurance

Prosodie and Salesforce: Front End solution. Nicolas Aidoud and Ronan Souberbielle

The Protection Mission a constant endeavor

Information Technology Security Review April 16, 2012

Cyber Security: Confronting the Threat

Healthcare Information Security Today

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Streamlining the Order-to-Cash process

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Transcription:

Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments, diagnosis and audits of your organization, the protection mechanisms you have implemented and your security supervision capabilities related to sensitive data, critical infrastructures and digital transformation. This enables you to define your cyber security strategy and transformation roadmap.

Understand your position and increase your AWARENESS of CYBERSECURITY 2

Understand your position and increase your awareness of cybersecurity As Digital Transformation initiatives gain pace across the world, the threat of cyber attack grows in tandem. Further risks stem from the evolving business and regulatory requirements and technology trends that are posing new cybersecurity challenges and endangering the success of digital programs. In this landscape, while cyber criminals have matured and professionalized, Social, Mobility, Analytics, Cloud and Internet of Things (SMACT) technologies make today s digital enterprise increasingly vulnerable. The criminals are quick to exploit this. The cost both financially and in reputational damage is huge. Estimates suggest the annual cost of cybersecurity attacks is anything from $375 billion to $575 billion. Add to this the once loyal customers who take their business elsewhere following a security breach, reduced competitive advantage, fines, and loss of business due to system downtime, and it s clear why mitigating the threat of cyber attack is a strategic priority. Indeed, cybersecurity is a broad concern strongly linked to trust, innovation, competitiveness and business growth. Safeguarding customer data, research and development findings, intellectual property, business development documentation, and other critical information assets must be addressed in the context of Digital Transformation. For example it should embrace Cloud and Mobile computing, as well as Big Data, IT, Operational Technology (OT) and Internet of Things (IoT). Business leaders in both strategic and operational roles must answer vital questions. How do you know if your business is resilient enough? Are you compliant with privacy and security regulations and corporate policy? Is it possible to combine digital transformation with acceptable risks, and how secure are your websites, IT infrastructures, applications and data? Capgemini help to answer these questions with insight into enterprise security positions. This informs strategies for successful cybersecurity. The more you know about your real situation (vulnerabilities and security controls), the more you can strengthen your organization with effective solutions and procedures for governance, risk and compliance (GRC). 3

The CYBERSECURITY challenges 4

10101010001111111111000000 1010101000111111111100000000 1010101000111111111100000000 0101000111111111100000001110 10001111111111000000010101000 100101010111100000000110010101 1000110101010110000000001010100101 10001110101010000000001110010101000 10000101010000000000000011101010100 10001111111111000000000101010101010 10001101010101110000000001010101010 100011111010101010000000001010101 0101 1010 1110 1 0 1 0 0 1 1 0 1 0 0 0 1 0 1 0 1 1 The cybersecurity challenges Cyber threats (sabotage, fraud, theft, etc.) and regulatory requirements (personal data protection, critical infrastructures resilience, breach / leak notification, etc.) are an escalating global concern. This raises a number of issues for the modern digital enterprise, including the following four challenges: How to evolve the traditional security model so that there is a focus on data, people and risks. This demands a rebalancing of security protection from network centric to data centric in the fight against data leaks linked to digitization, as well as solutions adapted to anticipate unknown risks. Where best to invest now that security operations no longer rely solely on IT protection. Investment must be balanced between a cycle of cybersecurity activities comprising: anticipation > prevention > protection > detection > reaction (as depicted here). How to align the new cybersecurity vision with business as part of the transformation journey to deliver deep changes in the security function. Protection should be based on the 5 pillars of: data center security; applications & database security; endpoints security; identity & access management (IAM); and data security. How to evolve the security function towards a people-centric approach in order to avoid employees being the weak link. This can be achieved by developing a cybersecurity culture and by strengthening professionalization of security people (including crisis management exercise). In a cyber environment with ever-changing risks and threats, our Strategic services help clients to meet these challenges. How? By providing the insight needed to aggressively establish sound cybersecurity practices that do not hinder businesses performance. Based on a clear Target and Roadmap, we define transformation programs enabling our Operational teams to implement standards (ISO 27xxx and others) and relevant solutions. 5

Partnerships with leading security vendors ensure our clients benefit from the latest tools and technologies to safeguard their enterprise assets. These include partners who are specialists in 50 different security product segments (identity access management (IAM), security information and event management (SIEM), etc.). 5 key pilars of Cybersecurity strategy and architecture Datacenter & Network / Application & database / Data in transit / Endpoints / Identity & Access The World Economic Forum Global Risks 2015 report highlights a number technological risks among the most important global macro risks. Data fraud or theft and cyber attacks are listed in the 10 most likely risks, while the breakdown of critical information infrastructure and networks is among the top 10 risks in terms of impact. The report also points to massive and widespread misuse of technologies as a global risk. Security processes Security architecture Security/privacy by design People awareness Data leak prevention Vulnerability assessment Endpoints Apps Capgemini/Sogeti Data Cybersecurity Infrastructure IAM Threat monitoring Application security testing, system penetration testing Data leak monitoring Computer Security Incident Response Team (CSIRT) Security Operation Center (SOC) Security incident remediation actions The cycle of cybersecurity operations Investment must be wisely balanced between these 12 activities 6

A GLOBAL RESOURCE POOL of consultants and experts 7

A global resource pool of consultants and experts Capgemini s Strategic services are a key component of our broader Cybersecurity Global Practice. This comprises more than 2,500 specialists with cybersecurity skills and a deep knowledge of relevant standards, methodologies, tools and processes. The complete portfolio of services and technologies is designed to help organizations defend themselves against cyber crime, while leveraging the power of SMACT technologies. It s a comprehensive cybersecurity transformation suite of methodologies and services giving clients proven practices, world-class consulting and technology, and leading edge managed security services. These are built on the five pillars of cybersecurity defense: Users, Applications, End-points, Infrastructure and data security Our Cybersecurity Strategic professionals have proven experience of defining and implementing the right strategy, target operating model and GRC structure to help clients ensure their security design and operations support strategic objectives and business continuity. We accompany our clients throughout their digital and cybersecurity transformations with services integrated into the cybersecurity strategy, along with protection and monitoring capability. Securing your Digital Transformation By planning ahead with a cybersecurity strategy as part of your Digital Transformation journey, you will be in a more confident position to stay compliant and achieve cost savings. Your organization will derive a range of benefits around the three key themes of enabling growth, improving resilience and reducing cost. Within these themes, we help our clients to enable Digital Transformation and innovation, while protecting their assets and reputation so that they sustain business growth. We help to extend security from deterrence and protection to prevention and full resilience. And we minimize the impact of breaches and attacks and ensure efficient compliance with regulations, such as those relating to personal data protection. 8

CYBERSECURITY enabling business growth through digital innovation 9

Cybersecurity enabling business growth through digital innovation Cybersecurity is a business enabler for building trust in the digital world. We have deep experience in cybersecurity transformation across Financial Services, Utilities, IT Services, Manufacturing, Government, and other sectors. With a strong focus on data / information protection and IT / OT resilience our Cybersecurity Strategic services comprise: Cybersecurity & Information Protection Maturity Assessment we elaborate a transformation program (quick wins, hot topics and mid-term roadmap) based on a 360 approach (technology, people, process, regulation) leveraging international standards and our own referential; Cybersecurity Organization Transformation and Professionalization we take a global approach to cybersecurity management, encompassing both IT, OT and Data Protection, throughout a qualitative and quantitative assessment of resources (internal and outsourced), organization and governance. We aim to enhance the professionalization of enterprise cybersecurity based on a clear target organization chart, job descriptions (CISO, DPO, analyst, architect, etc.), RACI matrix, governance scheme, sourcing strategy and training / certification programs. Cybersecurity Acculturation & Change Management we put people at the heart of cybersecurity by helping to deploy a relevant cybersecurity cultural change plan (communication, awareness and training) according to profiles, topics, resources and timing. The change management approach depends on a client s maturity and is a central tenet of successful transformation program implementation; Data Classification/Protection/Privacy based on a maturity assessment, we focus cybersecurity programs on critical data protection across the end-to-end process. We help to identify critical data assets and build a data management roadmap including data governance, data classification, identity and access management, storage and destruction, encryption and data leak; 10

Economics and Cyber Insurance for our more mature and biggest clients, our service includes an assessment of cybersecurity budget and its split between organization, protection and supervision. We analyze OpEx and CapEx, people and tools. We also enable our client to review their cyber insurance policy. Crisis Management for C-levels cyber attacks are commonplace and our task is to help our clients to be ready to manage cybersecurity crisis (by elaborating and testing concrete scenarios in their business and operational context). A cyberdefense training platform will be provided in 2016. Our consultants will help you to increase risk control (security and privacy) throughout an effective change management process that balances the risks and opportunities of your digital journey. 11

From Strategic to Operational Cybersecurity & Information Protection Maturity Assessment Elaborate a strategy and roadmap based on Capgemini framework and standards and a 360 approach (technology, people, process, regulation) Cybersecurity Organization Transformation and Professionalization Reposition cybersecurity as a Risk & Compliance and Competitiveness subject separating strategy, operations and controls CSO/CISO Assistance for Security Transformation and Compliance Program Risk analysis and Security objectives Cybersecurity Acculturation & Change Management Deploy relevant communication, awareness and training actions according to profiles (individuals or communities), topics, resources and timing Data Classification, Protection & Privacy Ensure critical / personal data protection through proper classification and end-to-end process (prevention/protection + detection/reaction) Cybersecurity Economics & Cyber Insurance Optimize and adjust budgets (incl. cyber-insurance) by developing a lean management process for cybersecurity and information protection Operational DPO Assistance for Data Privacy Transformation and Compliance Program ISO 27k implementation and certification preparation Security training program and certification preparation Control / Test / Audit of security measures Crisis Management for C-Level Help clients to be ready to manage cybersecurity crisis, by elaborating and testing concrete scenarios in their business and operational context. 12

Impacting Industries 13

Impacting Industries The impact of successful cybersecurity attacks is felt not just on corporate IT, but on the business and its executive too. Our insight, experience and cybersecurity capabilities will ensure your business is resilient against such attacks. Our Strategic Cybersecurity services have helped diverse organizations increase employees awareness of the importance of cybersecurity and define their cyber defense strategies. Clients in Manufacturing, Industry, Utilities, Financial services and the Public Sector have drawn on our Cybersecurity & Information Protection Maturity Assessment service. This features maturity questionnaires (cybersecurity & information protection baseline, data protection, data privacy, critical infrastructures, human factor), as well as market standards (ISO, ISF, C2M2) and automated tools. Our Cybersecurity Organization Transformation and Professionalization service saw us drawing on knowledge of our clients businesses and intimacy with their executives to support transformation initiatives of their security models (organization, key functions and roles, skills, RACI, training program, ) for organizations in Industry, Financial Services, High Tech and the Public Sector. We have provided Cybersecurity Acculturation & Change Management solutions for a large UK Public Agency and international groups (Banks, Insurance, Services), as well as a number of Oil and Gas companies. We adopt best practices and provide acceptable use policies, ready-to-use content and support for employees, IT staff, executives, etc., (on site, online/e-learning, use of different communication channels, and key performance indicators). Our Data Classification/Protection/Privacy/Leakage service has helped to protect data assets for a number of international groups (Banks, Insurance, Oil & Gas). We use assessment questionnaires and classification materials, and deploy best practices for information lifecycle protection. Our Economics & Cyber Insurance service has helped to review clients strategy and funding to optimize their cyber security budget based on a deep maturity assessment (Telco, Utilities, High Tech). Our Crisis Management for C level service has helped a large European Administration to prepare itself in the event of a cyber attack through crisis management exercise. 14

? 15

? Ongoing discussions at executive level on the risks and opportunities of Digital transformation Significant investment to further develop our reputation as a global service provider enables us to address C-level cybersecurity concerns from a business risk perspective. We work closely with Chief Information Officers, Chief Digital Officers and Chief (Information) Security Officers, Business leaders and Executives to ensure cybersecurity is an effective business enabler. As you would expect from a global leader in cybersecurity consulting, we work with the highest industry standards to address: Sensitive data protection and data privacy including big data issues Critical IT and systems security Cloud and mobile computing security challenges Protection of Operation Technology and connected objects Keep your organization ahead of current and emerging practices in a rapidly changing business and information technology landscape with Cybersecurity Strategic from Capgemini 16

About Capgemini For more details contact: With more than 180,000 people in over 40 countries, Capgemini is one of the world s foremost providers of consulting, technology and outsourcing services. The Group reported 2015 global revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and delivers business, technology and digital solutions that fit their needs, enabling them to achieve innovation and competitiveness. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience TM, and draws on Rightshore, its worldwide delivery model. Pierre-Luc Réfalo Global Head of Cybersecurity Strategic pierre-luc.refalo@capgemini.com Cyril François Senior Vice President Capgemini cyril.francois@capgemini.com The information contained in this document is proprietary. No part of this document may be reproduced or copied in any form or by any means without written permission from Capgemini. 2016 Capgemini. All Rights Reserved. Rightshore is a trademark belonging to Capgemini. About Capgemini Capgemini is the global strategy and transformation consulting organization of the Capgemini Group, specializing in advising and supporting enterprises in significant transformation, from innovative strategy to execution and with an unstinting focus on results. With the new digital economy creating significant disruptions and opportunities, our global team of over 3,600 talented individuals work with leading companies and governments to master Digital Transformation, drawing on our understanding of the digital economy and our leadership in business transformation and organizational change. Find out more at: www.capgemini.com/cybersecurity MCOS_GI_AH_20160314

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information