With the growing demand for improved cyber security, this large trading company was looking for help in protecting their supply systems and retail shops with better technology and processes.
The management requested a clear picture of the current state of their security setup along with a set of recommendations to improve them. After internal approval, the necessary improvements and changes were to be executed as a project. Also, all IT security activities were to be coordinated by a CISO.
Using our experience in security assessments, we performed our standardized full security check. We captured the state of things by doing interviews with the IT staff and analyzing the technology. Then we drafted a set of actions. These were continually refined with the IT and management teams. We helped to assure the support from the executive board and then launched into the implementation of the technical and procedural improvements, assisting in the coordination of the work across multiple partners. Later, as the parent company developed new security guidelines, we extended the project scope with those requirements. During the whole project, we performed the CISO function as a service until an internal person was assigned and ready to take over on a permanent basis.