Consulting services for cybersecurity - Dimension Data


Post on 04-Jun-2018


  • Consulting services for cybersecurity

  • Giving you the skills to risk less, yet achieve more

    IT security skills are scarce. The 2015 (ISC)² Global Information Security Workforce Study carried out by Frost & Sullivan found that 62% of organisations say they have too few information security professionals (up from 56% in 2013). They estimate the shortfall in the global information security workforce will reach 1.5 million in 5 years.

    It's hardly surprising. The digitalisation of business (cloud, mobile, and the Internet of Things) is transforming cybersecurity. Perimeters are being pushed off premises, into the cloud, and out to exponentially-multiplying endpoints. Provisioning times are falling to minutes, threats are morphing daily, and responsibility for security is being fragmented across more and more cloud service providers.

    How can organisations get on top of these ever-changing risks, and acquire both the skills and the capacity to combat them? Many turn to us for our depth of expertise, our breadth of experience, and our sheer capacity to provide the security skills they need.

    Secure every step of the way

    At Dimension Data you, our client, are central to everything we do. We look at cybersecurity from your point of view.

    Cybersecurity has a lifecycle, starting with risk assessment, moving through strategy formulation, designing a solution, everyday control, and on-going management.

    This lifecycle, which we call the Security Wheel, forms the basis of our engagement with you. We have consulting services aligned with every stage in the lifecycle, and you can join at whatever stage is right for you.

    Our consulting services help you manage cybersecurity from every angle throughout the lifecycle by:

    Building a robust security strategy, aligned to your business goals

    Identifying and evaluating the threats you face continuously

    Finding the vulnerabilities in your infrastructure, applications, endpoints, and processes

    Strengthening your security architecture

    Recommending how to repair gaps in a cost-effective manner

    Making sure you're compliant with regulations and governance policies.

    We work with you to shape your business needs into a robust cybersecurity strategy and roadmap. We can then design, deploy, and project-manage your implementation to deliver technology that meets your business objectives.

    We outline below some of our main consulting services, available regionally or globally, but we're very flexible about how we can engage with you. So it's best simply to talk to us about where you are and the challenges you're facing, and we'll see how we can best help you.

    [Figure: Cybersecurity lifecycle, the Security Wheel. Labels: Client; Strategy (business alignment, vision and strategy, roadmap); Consulting (business requirements, workshops and interviews, risk analysis, gap analysis, technical analysis, recommendations); Architecture (evaluation, optimisation, design, deploy); Controls (platform, automation, configuration, integration, consumption, threat intelligence); Management (operations, maintenance, support).]

  • Security architecture services

    We use our Security Architecture Assessment model as a flexible way of evaluating your security architecture, from policies to technical controls.

    We take a holistic approach, reviewing your security vision and strategy, information security framework, risk management framework, and logical security architecture. We make sure they are all practical, appropriate and economically proportionate.

    Delivered through a choice of three service level models, the outcome is a specific set of recommendations that allow you to apply your resources and controls in the most effective way to protect key assets.

    Combined with a remediation roadmap, you can use the results to build a budget and resource plan, or simply align to an existing strategy for greater reassurance.

    The assessment includes:

    an information gathering phase which may include interactive workshops and/or interviews to assess your current and desired state

    the option to choose from a selection of assessments to help validate your assumptions

    recommendations for improvement

    a cybersecurity roadmap based on business and technology initiatives.

    Network threat and vulnerability services

    Our network threat and vulnerability services present a snapshot of real-time activity on the network, identifying suspicious behaviour, compromises, or breaches.

    We then assist you in remediating the root causes of any problems that we detect.

    Depending on your organisation's key areas of concern, an engagement can focus on:

    traffic analysis on key segments of the network

    web, database, and file application access

    unauthorised and inappropriate use of data assets

    event correlation and normalisation

    identification and analysis of malware patterns on the network

    vulnerability scanning of systems

    violations of existing Internet usage policies.

    The service is designed to capture network traffic and gather intelligence over an agreed period of time in order to present a technical risk profile.

    Our network threat and vulnerability services are only available in certain geographical regions; speak to us for details.

    Security penetration testing services

    Penetration testing is an important element of any cybersecurity assurance programme. We'll determine the presence of weaknesses that could be exploited by malicious users to compromise your most critical infrastructure, including web applications, networks, and endpoints.

    We align to industry best practice and guidelines from sources such as Open Source Security Testing Methodology Manual (OSSTMM), National Institute of Standards and Technology (NIST) and The Open Web Application Security Project (OWASP).

    We have experience in many scenarios, and our proven penetration testing methodologies include a focus on the following:

    Internet-facing infrastructure

    internal network segments such as a demilitarised zone, or an office local area network

    desktop and laptop computers including stolen laptop attack scenarios

    Internet-facing and internal web applications

    wireless network infrastructure

    remote access and VPN infrastructure.

    Firewall assurance services

    Our firewall assurance services help you optimise the total cost of ownership of your firewall estate in relation to your network infrastructure and security posture. We adopt a full-service approach, from analysis to deployment, to maximise return on investment, reduce migration cost, and improve application security.

    They're flexible services which can be tailored to your needs. We can:

    identify and document the current state of your firewall infrastructure

    deliver strategies to reduce complexity, increase productivity and reduce risk

    develop a services map which details the use of applications and network access to better understand usage and trends

    identify high risk policies that may impact the confidentiality, integrity or availability, and remove any redundant, overlapping, or duplicate rules

    identify and document any opportunities to optimise or further refine your firewall policies or underlying architecture

    compare your compliance metrics against security industry best practices.

  • Incident response services

    Underpinned by Dimension Data's incident response framework, our incident response services provide a use-case driven model with well-established methodologies, processes and reporting to swiftly detect, respond to, and remediate a given threat. Experienced incident responders provide the coverage you need to ensure a timely response.

    We offer a range of incident response services that are scalable, repeatable, comprehensive, and mature:

    first response service

    incident response readiness assessment

    compromise assessment

    incident response program development

    incident response retainer.

    Our incident response services are only available in certain geographical regions; speak to us for details.

    Governance, risk, and compliance services

    These consulting services address three core tenets of businesses today: corporate governance, risk management, and regulatory compliance.

    We'll help you set the governance policies and processes that direct and control the organisation. This includes external legal, regulatory, and industry compliance requirements.

    We'll help you determine your risk appetite, based on your organisation's governance policies and processes.

    We'll make sure you keep documentary evidence of your compliance with internal policy and process, as well as with external regulation.

    We help you address all these issues with global services that include:

    information security management system (ISMS) development

    organisational policy development

    IT policy development

    development and gap reviews

    information security management systems standard ISO/IEC 27000

    payment card industry data security standards (PCI DSS).

    CS / GLMKSEC0056 / 08/16 Copyright Dimension Data 2016

    Why Dimension Data for security consulting?

    We're part of NTT, the largest communications company in the world. All the security practices of the NTT group (formerly Solutionary, NTT Com Security, and NTTi3) have recently been brought together as NTT Security.

    We see 40% of all Internet traffic so we ha