Consulting services for cybersecurity
Giving you the skills to risk less, yet achieve more
IT security skills are scarce. The 2015 (ISC)² Global Information Security Workforce Study carried out by Frost & Sullivan found that 62% of organisations say they have too few information security professionals (up from 56% in 2013). They estimate the shortfall in the global information security workforce will reach 1.5 million in 5 years.
It's hardly surprising. The digitalisation of business (cloud, mobile, and the Internet of Things) is transforming cybersecurity. Perimeters are being pushed off premises, into the cloud, and out to exponentially-multiplying endpoints. Provisioning times are falling to minutes, threats are morphing daily, and responsibility for security is being fragmented across more and more cloud service providers.
How can organisations get on top of these ever-changing risks, and acquire both the skills and the capacity to combat them? Many turn to us for our depth of expertise, our breadth of experience, and our sheer capacity to provide the security skills they need.
Secure every step of the way
At Dimension Data you, our client, are central to everything we do. We look at cybersecurity from your point of view.
Cybersecurity has a lifecycle starting with risk assessment, moving through strategy formulation, designing a solution, everyday control, and on-going management.
This lifecycle, which we call the Security Wheel, forms the basis of our engagement with you. We have consulting services aligned with every stage in the lifecycle, and you can join at whatever stage is right for you.
Our consulting services help you manage cybersecurity from every angle throughout the lifecycle by:
Building a robust security strategy, aligned to your business goals
Identifying and evaluating the threats you face continuously
Finding the vulnerabilities in your infrastructure, applications, endpoints, and processes
Strengthening your security architecture
Recommending how to repair gaps in a cost-effective manner
Making sure you're compliant with regulations and governance policies.
We work with you to shape your business needs into a robust cybersecurity strategy and roadmap. We can then design, deploy, and project-manage your implementation to deliver technology that meets your business objectives.
We outline below some of our main consulting services, available regionally or globally, but we're very flexible about how we can engage with you. So it's best simply to talk to us about where you are and the challenges you're facing, and we'll see how we can best help you.
Cybersecurity lifecycle: the Security Wheel
Vision and strategy
Workshops and interviews
Security architecture services
Network threat and vulnerability services
Security penetration testing services
We use our Security Architecture Assessment model as a flexible way of evaluating your security architecture, from policies to technical controls.
We take a holistic approach, reviewing your security vision and strategy, information security framework, risk management framework, and logical security architecture. We make sure they are all practical, appropriate and economically proportionate.
Delivered through a choice of three service level models, the outcome is a specific set of recommendations that allow you to apply your resources and controls in the most effective way to protect key assets.
Combined with a remediation roadmap, you can use the results to build a budget and resource plan, or simply align to an existing strategy for greater reassurance.
The assessment includes:
an information gathering phase which may include interactive workshops and/or interviews to assess your current and desired state
the option to choose from a selection of assessments to help validate your assumptions
recommendations for improvement
a cybersecurity roadmap based on business and technology initiatives.
Our network threat and vulnerability services present a snapshot of real-time activity on the network, identifying suspicious behaviour, compromises, or breaches.
We then assist you in remediating the root causes of any problems that we detect.
Depending on your organisation's key areas of concern, an engagement can focus on:
traffic analysis on key segments of the network
web, database, and file application access
unauthorised and inappropriate use of data assets
event correlation and normalisation
identification and analysis of malware patterns on the network
vulnerability scanning of systems
violations of existing Internet usage policies.
The service is designed to capture network traffic and gather intelligence over an agreed period of time in order to present a technical risk profile.
Our network threat and vulnerability services are only available in certain geographical regions. Speak to us for details.
Penetration testing is an important element of any cybersecurity assurance programme. We'll determine the presence of weaknesses that could be exploited by malicious users to compromise your most critical infrastructure, including web applications, networks, and endpoints.
We align to industry best practice and guidelines from sources such as Open Source Security Testing Methodology Manual (OSSTMM), National Institute of Standards and Technology (NIST) and The Open Web Application Security Project (OWASP).
We have experience in many scenarios, and our proven penetration testing methodologies include a focus on the following:
internal network segments such as a demilitarised zone, or an office local area network
desktop and laptop computers including stolen laptop attack scenarios
Internet-facing and internal web applications
wireless network infrastructure
remote access and VPN infrastructure.
Firewall assurance services
Our firewall assurance services help you optimise the total cost of ownership of your firewall estate in relation to your network infrastructure and security posture. We adopt a full-service approach, from analysis to deployment, to maximise return on investment, reduce migration cost, and improve application security.
They're flexible services which can be tailored to your needs. We can:
identify and document the current state of your firewall infrastructure
deliver strategies to reduce complexity, increase productivity and reduce risk
develop a services map which details the use of applications and network access to better understand usage and trends
identify high risk policies that may impact the confidentiality, integrity or availability, and remove any redundant, overlapping, or duplicate rules
identify and document any opportunities to optimise or further refine your firewall policies or underlying architecture
compare your compliance metrics against security industry best practices.
Incident response services
Underpinned by Dimension Data's incident response framework, our incident response services provide a use-case driven model with well-established methodologies, processes and reporting to swiftly detect, respond to, and remediate a given threat. Experienced incident responders provide the coverage you need to ensure a timely response.
We offer a range of incident response services that are scalable, repeatable, comprehensive, and mature:
first response service
incident response readiness assessment
incident response program development
incident response retainer.
Our incident response services are only available in certain geographical regions. Speak to us for details.
Governance, risk, and compliance services
These consulting services address three core tenets of businesses today: corporate governance, risk management, and regulatory compliance.
We'll help you set the governance policies and processes that direct and control the organisation. This includes external legal, regulatory, and industry compliance requirements.
We'll help you determine your risk appetite, based on your organisation's governance policies and processes.
We'll make sure you keep documentary evidence of your compliance with internal policy and process, as well as with external regulation.
We help you address all these issues with global services that include:
information security management system (ISMS) development
organisational policy development
IT policy development
development and gap reviews
information security management systems standard ISO/IEC 27000
payment card industry data security standards (PCI DSS).
CS / GLMKSEC0056 / 08/16 Copyright Dimension Data 2016
Why Dimension Data for security consulting?
We're part of NTT, the largest communications company in the world. All the security practices of the NTT group (formerly Solutionary, NNT Comms Security, and NTTi3) have recently been brought together as NTT Security.
We see 40% of all Internet traffic so we ha