Page 25 - Gi flipbook February 2018

and quarterly executive update reports, and we’ve used our work with them and the recent user awareness survey we conducted to integrate the employee awareness roadmap. Additionally, reviewing and amending our security policies has made them much more user friendly.

We introduced a new information security knowledge zone on our intranet, offering our people the chance to learn more about cyber risk and how it can impact our company on a day-to-day basis.

PARTNERS – ONLY THE BEST WILL DO

NCSC partnership

Moving away from the traditional model of risk governance through compliance documentation, the NCSC has taken a new approach to cyber security. They’re now getting organisations to understand the risks to their business, and then articulating appropriate controls to manage those risks. This was the foundation for our security and cloud migration programmes. We’ve worked closely with them and the Department of Business, Energy and Industrial Strategy (BEIS) in our security approach, and they’ve been involved in all our workshops to comment and advise on best practice.

Our migration to cloud is pioneering; no other UK CNI organisation is moving 100 per cent to the cloud, as far as we know. This has been of interest to NCSC, and they’ve indicated this approach will underpin their guidance for all other UK CNIs.

CEB maturity profile

We’ve chosen to adopt the National Institute of Standards and Technologies (NIST) security framework for reporting and measuring maturity. In 2015, we joined the Corporate Executive Board (CEB, now owned by Gartner) which provided us with best practice and technology solutions to equip us with intelligence to manage operations. We’ve used its services to measure and roadmap NIST controls maturity since 2016. We’ve asked all our partners to adopt the NIST security framework to make sure we have a collective view of our controls. Following our lead, Amazon Web Services now does this for all their global customers.

Lighthouse approach

In order to meet challenging time objectives with limited resources, we’ve taken a lighthouse customer approach with all our security partners. This is a mutually beneficial arrangement supported by senior executives of both companies. The security partner leadership teams have given us commercial discounts, priority development and embedded support, and in return we’ve agreed to promote any successful implementation through event talks, videos or referenced press releases. This collaborative approach means we can go direct to senior executives if we encounter any roadblocks.

Symantec embedded a technical security consultant in our weekly architecture and security meeting. They had a full understanding of our environment and challenges, and it gave them an opportunity to address any issues first hand and in real time. We were able to accelerate our migration to Symantec in just five days.

Cloud security services in support of Office 365

We used our Microsoft partnership to accelerate our Office 365 security understanding, and worked with them to understand their security roadmap early on to make sure our IS strategy was aligned.

MSSP tender – testing the testers

As part of the tender process for our new managed security service provider (MSSP) we used best practice material from NCSC, Gartner and the CEB, and worked with MWR (a security consultancy that is one of six government-approved incident responders) to help develop the tender. They initiated a mapping exercise that identified likely attack paths and techniques based on their considerable experience of nation state compromises and knowledge of MSSPs.

We wanted to see how the providers demonstrated their ability to protect, detect and respond to common and advanced attack techniques in tandem with our own attack path mapping. We also wanted to know how they would manage our NIST maturity and collaborate with the rest of our security system.

Communicating with external companies securely

Transport Layer Security (TLS) encrypts emails between companies saving the users from having to encrypt any documents. To date, we have 150 partners who have signed up to use this service. ■

■ SGN manages the network that distributes natural and green gas to 5.9 million homes and businesses across Scotland and the south of England. For more, visit www.sgn.co.uk





