HIGHER SECURITY STANDARDS WITH CISO AS A SERVICE

Industry: Logistics
Services: IS Governance - CISO as a Service

Highlights


Documenting implemented ISMS


Increased IS awareness


Initiated multiple security projects

Challenges

The customer, a logistics company in the CEE region, planned to significantly improve the company's security. The company did not have a dedicated information technology (IT) department, which led to a lack of clear IT roles with clearly defined responsibilities and tasks. Furthermore, the company received IT services from several external partners.

Another challenge was the lack of defined and documented IT processes and workflows, which led to an inefficient IT landscape. In addition, the maturity level of information security was low and needed to be improved to ensure the integrity, confidentiality and availability of the company's data.

The customer's aim was to optimize the IT structure, define clear roles and responsibilities, and implement security measures to ensure more efficient utilization of IT resources and raise security standards to a higher level.


Solution

With DIGITALL's CISO as a Service, the customer had a team of certified cyber security consultants who defined the process and critical roles for the customer's management board. They also specified the security helpdesk process and roles and developed the RACI matrix in collaboration with the customer and its IT partners. Additionally, the team assessed security risks, created a register, and provided InfoSec awareness training.

DIGITALL created an Information Security (IS) Internal Framework containing guidelines such as IS Policy and IS Governance for effective information security management. Risk Management, Data Classification, and Business Continuity Policies manage risks, protect sensitive data, and ensure incident response. IT changes and vulnerabilities are managed with Change Management, Security Incident Management and the Vulnerability & Patch Management Standard. Further components of the framework are:

  • Business Impact Analysis
  • Backup Policy
  • Configuration Management Policy
  • Secure Software Development Lifecycle Standard
  • Exception Handling Policy
  • IT Asset Management Policy
  • Crisis Management Policy
  • Vendor Management Policy
  • IT Project Management Policy
  • Physical Security
  • Capacity Management Policy
  • Log Management Procedure
  • End-point Security and Anti-malware Solution Procedure