Fast tracking Information Security for a global retailer
A global fashion retailer contacted Fusion for help with its information security requirements. The company operates 500+ stores globally and has annual revenues in excess of $5 billion.
Despite this success, the Chief Information Security Officer, who reports to the Board of Directors, carried out an internal audit that highlighted multiple challenges:
- Limited view of their assets
- A siloed and incomplete set of asset management processes
- Limited ability to prevent, detect, and recover from security-related incidents
- Limited ability to report against industry InfoSec standards, including PCI DSS and GDPR
- Slow response time to InfoSec-related events
These shortcomings could inadvertently leak personal or proprietary data, resulting in reputation loss. They could unintentionally enable intrusions into financial networks. And remedying these situations could incur significant unplanned costs.
To address these challenges quickly, we started by analysing the outcomes that InfoSec requires, working out the types of data and asset attributes needed to deliver them.
The specific requirements set out by Information Security teams can be summarised as:
- Track IT assets
- Track asset relationships
- Track asset ownership
- Visibility of IT assets across the entire lifecycle
These detailed statements were then further analysed to work out the required end-to-end asset lifecycle and supporting data. In doing so we were answering these types of questions:
1. What specific outcomes must I achieve in order to pass security audits?
2. What data does InfoSec reporting require?
3. What is the quality of the required data? How much information is required for each asset? How often must this data be refreshed? How accurate must the data be to achieve control?
4. Where and how is the data obtained and maintained?
5. How do I combine various data sources to gain complete lifecycle visibility into every asset?
Once these questions were answered, we provided a full-stack managed service package incorporating critical capabilities to rapidly mature the asset management process. This package includes asset management best practice templates, methodologies, products and data quality assurance measures to support InfoSec outcomes.
The results from this engagement were pretty stunning. Within 4 months of implementing the solution, our global retail partner:
- Passed its internal information security audit
- Developed a comprehensive asset management process incorporating software, network, servers, and end-user computing
- Established a central repository for all IT assets with 95% accuracy across data centre, cloud, and end-user computing
In summary, our top-down, iterative, prescriptive framework helps IT organisations to quantify and close the gaps in their information security by identifying and resolving capability gaps, improving the quality of asset data, and, most importantly, maturing asset management governance and processes.
This 4-minute video covers an incredibly powerful case study on how Fusion helped Burberry Information Security provide accurate internal audits required by its Board of Directors. And all this was achieved in under 4 months! Watch the video to see how.