CASSIDIAN CYBERSECURITY SECURITY OPERATIONS CENTRE SERVICES




PROTECTIVE MONITORING SERVICE

In a world where cyber threats are emerging daily, often from unknown sources, information security is something that no organisation can afford to take for granted. Cassidian CyberSecurity has the expertise to take on the security challenges facing today's organisations, providing services and systems that work tirelessly to stem the tide of cyber threats.

Protective Monitoring Overview

An understanding of user and systems behaviour is fundamental to planning and constructing the defence of an organisation's business infrastructure against the cyber threat. Traditional security technologies such as firewalls, anti-virus and intrusion prevention systems are designed to detect or prevent specific types of known exploitation such as the execution of malicious software, the connection to prohibited services or the infiltration of a system from unauthorised external entities.

Protective monitoring services capture information from system and user actions that may not necessarily be deemed as malicious or unauthorised in isolation by security tools, but may still introduce unmanaged risk into the organisation nonetheless. Protective monitoring and analysis may also identify a new threat (e.g. zero day) that has not previously been categorised by the security vendor and therefore not detected by their predefined technical policies.

Security Information and Event Management

Cassidian Limited (hereon referred to as Cassidian, and incorporating Cassidian UK, Cassidian CyberSecurity and Regency IT Consulting) utilise Security Information & Event Management (SIEM) technology to deliver Protective Monitoring services. The SIEM acts as a central repository for security related events from a broad range of system sources such as network routing devices, operating systems, and applications as well as the traditional security technologies. In addition to the collection of security related events, the SIEM technology is used to correlate, filter and normalise the data to provide a comprehensive near real-time and historical view of the system security posture.

In its native format, the vast array of event data that is collected from reporting systems and devices is difficult to interpret and associate with a potential cyber attack. Using specialist tools and expertise, Cassidian analysts are able to translate this data into useable information and meaningful reports that can be understood by business management. These security reports are associated with current relevant threat data to ensure that the organisation is presented with a global information assurance picture to support safe business operations.

Business Benefits

The benefits of Protective Monitoring are far reaching, not only in providing information to support business operations in the face of the cyber threat, but also in meeting the compliance needs of organisations in a range of business domains. This includes the data recording, system monitoring and log storage requirements associated with best practice policy and standards such as GPG13, ISO27000 and PCI DSS.

Cassidian specialists have an excellent understanding of the fundamental security requirements in these publications, as well as the systems and networks under their jurisdiction, and are best placed to design and deliver a protective monitoring policy to meet the requirements of a modern networked business environment.

Providing a filtered informational view ensures that suspicious or unusual network activity is immediately visible and not obscured by authorised systems and network activity. Our specialists achieve the optimal security view by applying specific technical security policies to the SIEM and to the associated reporting devices and sensors. These technical policies are based on the individual customer's threat profile and their specific compliance requirements. The technical security policies are further enhanced using advanced aggregation, correlation and analysis skills to determine event relevance and criticality.

Cassidian Expertise and Experience

Cassidian also provides expert advice to ensure that all relevant reporting devices are configured to report pertinent events and that any specialist security sensors are strategically positioned to deliver the optimal protection to critical business assets.

Cassidian leverages an extensive library of mature ITIL based processes aligned with best practice to support the incident response process and a range of support functions such as updating logging requirements and maintaining system software levels. Additional processes to manage change and configuration have also been developed in partnership with our customers to ensure that the risk of service disruption is minimised and that the security posture is maintained.

Cassidian Protective Monitoring Service provides:

- Real-time collection, filtering, normalisation and aggregation of log data from all capable devices, computers and applications defined within the enterprise network.
- Secure long-term storage and archiving of the log data.
- Real-time and historical analysis of log data.
- Flexible searching of the log data in response to ad-hoc queries.
- Production of reports.
- Incident analysis and management by the Cassidian Security Operations Centre (SOC) through near real-time event correlation. This enables focused use of resources to respond to serious issues in a timely fashion.
- Incident management and handling aligned with CUSTOMER security policy and industry best practices.
- Event correlation and evaluation against known vulnerabilities, current attacks and other specialist threat intelligence sources such as the Cassidian Warning Advice and Reporting Portal (WARP).
- System tuning to reduce false positive alerts, thus providing a more focussed and accurate threat picture.
- Reporting of key incident metrics to facilitate:
  o Development of security policies and procedures
  o Fine tuning and focusing of technical detection policies
  o Detection of historical trend based threats

Cassidian Protective Monitoring services may be offered as a stand-alone service component or as part of a comprehensive cyber defence solution.

Training

Developing services that are intuitive and require minimal amounts of training has always been a primary goal of Cassidian. However, it is inevitable that some training will be needed, as ensuring our customers are fully comfortable in using our services is essential. Cassidian work closely with customers to understand the training needs and to develop the most cost effective training solution.

Trial Services

Cassidian offers services on a trial basis; prices can be provided upon request.

Backup/Restore and Disaster Recovery

Business Continuity (BC) and Disaster Recovery (DR) are firmly embedded within our organisation and our BC Team have designed, implemented and tested Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) for our customers. Using processes such as Major Incident Management, Risk Analysis, Business Impact Analysis and Critical Activity Analysis, Cassidian provides duplicated infrastructure, alternative location facilities, mirrored data centres and diverse power and connectivity solutions to achieve BC requirements for the MOD, Emergency Services and Private sector.

Information Assurance

Cassidian are recognised for their knowledge and experience in the field of information assurance. This has been accumulated through the provision, evaluation and accreditation of many system solutions for Government departments and MoD contracts. These solutions have been created to cater for business impact levels IL0-2, IL3, IL4 and IL5. Cassidian has extensive experience in the creation and auditing of security solutions, which are designed to ISO27001 and accredited under HMG standards (IS1 and IS2).

Financial Recompense

Specific requirements for financial recompense will be negotiated and agreed on an individual contract basis.

Termination Terms

Termination terms for this service are specified in the accompanying terms and conditions.

Pricing

The price quoted for Protective Monitoring on the G Cloud catalogue is 62.60 per log source per month, for a GPG13 recording profile B (assuming a 3 year contract). This is subject to the following parameters, on an IL3 network:

Log Source Category | Threshold measure | G Cloud Price Parameter
Security Enforcing Network Device | Maximum Bandwidth (Mbps) | 0 250
Non Security Enforcing Network Device | Maximum Bandwidth (Mbps) | 0 250
Base Windows Server OS | Internal or externally facing server | Internal systems only
Base Linux Server OS | Internal or externally facing server | Internal systems only
Specialist Security Appliances | Maximum Bandwidth (Mbps) | 0 250
Workstation (Desktop/Laptop) | Number of working hours | 0 30
Printer/Scanner/Fax | Average number of prints per month | 0 1000
Web Server | Average number unique visits per day | 0 1000
Database | Average number of transaction per day | 0 1000
Middleware | Internal or externally facing server | Internal
Email Server | Average number of emails per day | 0 2000
General Purpose Apps (File Server) | Internal or externally facing server | Internal
Authentication / Directory server | Total numbers of enrolled users | 0 1000
NIDS Sensor (owned and managed by Protective Monitoring Provider) | Maximum Bandwidth (Mbps) | 0 250
HIDS Sensor (owned and managed by Protective Monitoring Provider) | Internal or externally facing server | Internal Server
Web filtering gateways and proxy server | Maximum Bandwidth (Mbps) | 0 250
Antivirus Product Source | Per number of hosts monitored | 0 1000

The Protective Monitoring Service will also be subject to core infrastructure and core management charges.

However, Protective Monitoring services are bespoke in nature and therefore Cassidian will tailor its pricing accordingly. Upon receipt of an enquiry, Cassidian will work with the potential customer to provide a specific proposal, with a service offering that delivers maximum value against the customer's business objectives.

Service Levels

Service Availability and Performance metrics will be detailed, post mutual agreement, and captured in a formal SLA between Cassidian and the Customer. Each Service Performance Level is categorised as either a Key Performance Indicator (KPI) or a Performance Indicator (PI). A KPI will be subject to the Service Credit regime. A PI will be measured and reported to the Service Consumer but will not be subject to the Service Credit calculation. PIs are measured so that Cassidian can make reasonable efforts to improve reported performance as part of the Continuous Service Improvement process.

Service Constraints & Dependencies

For the successful delivery of these services Cassidian and the customer will need to establish and agree the constraints and dependencies that affect the service. These constraints and dependencies will be established during the initial engagement with the customer.

Ordering Process

Cassidian will utilise the G Cloud catalogue ordering process.

On-Boarding

Cassidian employs a standard service introduction approach to deliver against proposals. Cassidian's Take On Service Plan (TOSP) is used to manage the on-boarding process that transitions Service users from their existing Service to the new Service (and off again at the Service off-boarding point).

Technical Requirements and Consumer Responsibilities

Cassidian's Protective Monitoring offering is designed to give potential customers maximum flexibility. This allows the service to be tailored to meet individual needs, with technical requirements and consumer responsibilities being agreed on a case by case basis.

Cassidian Cybersecurity Limited intends to sub-contract part of the service to Cassidian Limited. Cassidian Limited is a company incorporated in England and Wales (company number 04191036) and its registered office is at Quadrant House, Celtic Springs, Coedkernew, Newport, NP10 8FZ. Cassidian Cybersecurity Limited is a wholly owned subsidiary of Cassidian Limited. Cassidian Limited has the following capabilities and experiences in the provision of the service.

Copyright

This document and its content are the property of Cassidian Limited and must not be duplicated and/or disclosed without authorisation. Any use other than that for which it was intended is prohibited. Cassidian Limited 2013 All rights reserved.

Point of Contact

Enquiries regarding the content of this document should be addressed to:

Chantelle Walkden
Email: opportunities@regencyitc.co.uk
Regency IT Consulting is a Business Unit of Cassidian CyberSecurity Limited
Unit 1.1, Montpellier House, Montpellier Drive, Cheltenham, Glos, GL50 1TY
Tel.: 01242 225 692