Protiviti Helps Telecom Turn Security Flaw Into Revenue Opportunity
2
Protiviti experts help telecom giant turn a costly security flaw into a revenue operation Security Operations Center – Telecommunications Client Challenge Our client, a major telecommunications operation, was experiencing security failures as a result of deficiencies in the security operations system levels. The company had invested in a security monitoring solution and had deployed it across the enterprise. However, the security information event management software (SIEM) that was supposed to alert the company to suspicious activity was not achieving the objectives originally set out. The software was experiencing reporting problems, causing a dangerous lack of visibility into the extent of security breaches and threats. POWERFUL INSIGHTS Protiviti was engaged originally for what our client believed to be a technical systems fix. However, through our analysis, we discovered a more fundamental business problem. The information technology (IT) breakdowns were caused by a silo-based system design that kept departments from communicating and coordinating security efforts. The software, originally designed for use with only one product line, created problems when enterprisewide demands were placed on it. Protiviti’s Security Services experts worked with our client to uncover the root cause of the problem, and implemented an appropriate and practical solution. We provided the following services: • Reviewed the organization’s scope of security monitoring activities, identified potential gaps, matched them with specific business risks, and quantified those risks to the extent possible. • Developed a technical solution redesign that incorporates forward-looking threat monitoring and tracks key risk indicators identified with the business functions. • Developed a holistic, enterprisewide security risk profile in consultation with our client’s chief information security officer, leading to more informed decision-making (investment decisions, business decisions informed by security risk profiles, etc.). • Developed and launched a Security Operations Center from which to manage security across the entire organization. Key consulting services in developing the Security Operations Center included: • Determining specific functions for the center and the scope of the security services it would offer, such as tracking regulatory requirements applicable to the enterprise and complying with logging and reporting requirements • Determining which enterprisewide compliance activities would be merged with the center’s operations and which would be coordinated with them • Developing business performance expectations for the center • Developing a communications matrix within the business to make sure each business silo communicates with the others • Helping the client determine the right tools and appropriate staffing for the center and assisting with establishing roles and responsibilities for the center’s leadership
description
Our client, a major telecommunications operation, was experiencing security failures as a result of deficiencies in the security operations system levels. The company had invested in a security monitoring solution and had deployed it across the enterprise. However, the security information event management software (SIEM) that was supposed to alert the company to suspicious activity was not achieving the objectives originally set out. The software was experiencing reporting problems, causing a dangerous lack of visibility into the extent of security breaches and threats
Transcript of Protiviti Helps Telecom Turn Security Flaw Into Revenue Opportunity
-
Protiviti experts help telecom giant turn a costly security flaw into a revenue operationSecurity Operations Center Telecommunications
Client Challenge
Our client, a major telecommunications operation, was experiencing security failures as a result of deficiencies in the security operations system levels. The company had invested in a security monitoring solution and had deployed it across the enterprise. However, the security information event management software (SIEM) that was supposed to alert the company to suspicious activity was not achieving the objectives originally set out. The software was experiencing reporting problems, causing a dangerous lack of visibility into the extent of security breaches and threats.
P O W E R F U L I N S I G H T SProtiviti was engaged originally for what our client believed to be a technical systems fix. However, through our analysis, we discovered a more fundamental business problem. The information technology (IT) breakdowns were caused by a silo-based system design that kept departments from communicating and coordinating security efforts. The software, originally designed for use with only one product line, created problems when enterprisewide demands were placed on it.Protivitis Security Services experts worked with our client to uncover the root cause of the problem, and implemented an appropriate and practical solution. We provided the following services:
Reviewed the organizations scope of security monitoring activities, identified potential gaps, matched them with specific business risks, and quantified those risks to the extent possible.
Developed a technical solution redesign that incorporates forward-looking threat monitoring and tracks key risk indicators identified with the business functions.
Developed a holistic, enterprisewide security risk profile in consultation with our clients chief information security officer, leading to more informed decision-making (investment decisions, business decisions informed by security risk profiles, etc.).
Developed and launched a Security Operations Center from which to manage security across the entire organization.
Key consulting services in developing the Security Operations Center included: Determining specific functions for the center and the scope of the security services it would offer,
such as tracking regulatory requirements applicable to the enterprise and complying with logging and reporting requirements
Determining which enterprisewide compliance activities would be merged with the centers operations and which would be coordinated with them
Developing business performance expectations for the center Developing a communications matrix within the business to make sure each business silo
communicates with the others Helping the client determine the right tools and appropriate staffing for the center and assisting with
establishing roles and responsibilities for the centers leadership
-
2014 Protiviti Inc. An Equal Opportunity Employer M/F/D/V. PRO-PKIC-0514-149Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
ContactsMichael Walter+1.303.898.9145 [email protected]
Jonathan Wyatt+44.20.7024.7522 [email protected]
About Protiviti
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000 and FORTUNE Global 500 companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
P R O V E N D E L I V E R Y
By addressing the original problem holistically, Protiviti was not only able to restructure our clients approach to security monitoring through the development of the Security Operations Center, but helped the enterprise develop a new service line with the potential for significant new revenue. Our restructuring actions created an opportunity to turn what was essentially a cost center into a profit center, by giving our client the ability to leverage the people, processes and technology of the internal Security Operations Center to provide services to external customers. The client asked Protiviti to assist with this conversion, and was soon able to deliver IT security services, including threat intelligence and cyber monitoring, to its outside clientsprimarily government and defense industry operations. What began as the clients own internal monitoring infrastructure project became the foundation of a successful new product line. How We Help Companies Succeed
There are as many different security threats as there are reasons for an organization to be targeted. A hackers motivation can be personal, political, criminal, or purely opportunistic. In order to respond to these potential threats, security professionals must change the way they deliver protective services. As senior executives face budgetary challenges, IT must deliver smarter security solutions, increased operational efficiencies and tangible value.
Too many organizations rely on technology to deliver effective security monitoring capability. It is all too easy to buy into the vendors pitch that technology is the silver bullet that will solve all security problems.At Protiviti, we drive large security endeavors by focusing on people and processes aligned with business risk, as these are often the overlooked factors of a solutions success or failure. We help clients understand where the critical interaction among technology, people and processes occurs, to help organizations map IT security to risk more effectively.
We deliver the following services: Security Operations Center (SOC) design and implementation Technology optimization SOC assurance (internal and third-party security services)
John [email protected]
