Building operational information security
Snapshot
Our client maintains a reputation for placing a high value on both public transparency and the security of its transactions and data of its consumers, partners and affiliates. In the ever-evolving battle to maintain and improve its information security operations, our client sought Kalles Group to:
- Recommend and implement changes in security protocol.
- Further augment operational aspects of their growing security team.
- Develop processes for the future maintenance of their system.
- Identify vulnerabilities and threats, and craft a solution to mitigate their effects on key business processes and sensitive data.
- Inject critical security requirements into key conversations for both in-flight technology projects and strategic business initiatives.
- Develop best practices and processes around security mitigation and response to increase our overall effectiveness in responding to security incidents.
Challenge
Kalles Group consultants integrated with our client’s security team to analyze underlying security controls, logging software, and management processes, and the utilization of various monitoring services. From these findings, Kalles Group consultants were able to develop a contextual understanding of our client’s security culture and priorities and offer strong recommendations and strategies toward improving and extending their security protocols.
“Kalles Group used a more rigorous screening process to match my needs with high quality candidates. By effectively pre-screening candidates, I was able to reduce the amount of time I spent reviewing resumes and interviewing”
— Senior Information Security Analyst, Large Non-Profit Client
Approach
The focus of Kalles Group’s risk management engagement was assisting our client in identifying and managing vulnerability through:
- Threat modeling.
- Application control review.
- The dismissal of false positives.
- Monitoring security events.
- Identifying and separating real business processes from infections.
Kalles Group worked with server and networking teams to patch vulnerable areas as they arose. In the process of this day-to-day work, Kalles Group consultants encouraged the change and augmentation of the client’s existing security processes toward greater regulatory compliance, and provided documentation of these changes to promote their adaptation among future security teams.
Results
Our client’s security governance processes and monitoring capabilities have been greatly improved by the new recommendations. Overall, there is now less financial risk to the company, investors, and end-users. Access to public information is preserved – thus maintaining the integrity of our client’s reputation for public transparency – but all transactions and information are presented on a more secure platform that safeguards the private data of our client’s consumers.
“Confidentiality, integrity and availability are always important, but master the skill of knowing which one is most important for a given business, system or file routine…”
— CEO of SANS Technology Institute