Case Study: Providing Cyber Security Strategy Plan
Client: Retail
An Ecommerce company enlisted OutSecure’s support for their online retail operation. The initial effort was aimed at identifying critical gaps in the end-to-end order taking, processing and storage of sensitive data. A multi-point plan anchored the initiative, including review of the technology, third-party providers, business units and processes.
OutSecure Tasks:
- Provide strategic advice to ensure maximal security for the online Ecommerce initiative.
- Develop content and a questionnaire for the stakeholders.
- Review the process flows and perform threat modeling for the sensitive data flows.
- Create a list of immediate and strategic action items.
- Provide ongoing strategic counsel and assist the operation in navigating the complex cybercrime landscape.
- Make key connections for the initiative with key stakeholders throughout the ecosystem to assist with project planning.
Case Study: Writing Better, More Secure Code
Client: Software Assurance for Mobile Applications
OutSecure helped drive the client’s mission of creating a secure software platform that provides assurance against their business partners’ requirements. OutSecure assisted by advancing effective software assurance methods based on best practices for developing and delivering more secure and reliable software, hardware and services.
OutSecure tasks:
- Provide leadership and framework creation for Secure SDLC.
- Drive substantive work in the area of software assurance.
- Work with developers and their management to develop and promote best practices for ensuring software security and integrity through the development of security guidelines, security architecture, and threat modeling.
- Drafted white papers on Software Assurance Best Practices and Secure Development Practices, the latter of which has been downloaded more than 1,000 times and shared externally with their providers.
- Facilitate stakeholder collaboration to reach a common goal of software assurance advancement.
- Established internal operational and security excellence, including mature and secure processes throughout the entire SDLC.
Case Study: Improving Corporate Crisis Communications and Incident Response
Client: Global Company with a large cloud-based infrastructure
The corporate management team of a leading global company wanted to improve the company’s crisis communications and obtain senior executive buy-in for these efforts.
OutSecure developed and conducted tabletop exercises at the firm’s U.S. headquarters and in one international office to identify gaps in existing continuity and security planning and leveraged key findings to develop training plans for the corporate management team.
OutSecure tasks:
- Raise awareness and buy-in among executives for crisis communications and the business disruption caused by data breaches
- Develop tailored and realistic tabletop exercise scenarios
- Conduct and facilitate tabletop exercises for key stakeholders across business and technical teams.
- Identify key “lessons learned” from tabletop exercises and leverage findings to make actionable recommendations for improvement
Case Study: Senior Executives Training on Cyber Security
Client: GLBA and PCI regulated Company
A heavily regulated client contacted OutSecure to provide advisory services to its executive team to understand the realm of cybersecurity as it related to their communications and decision-making. OutSecure advised the company’s C-suite as they investigated a possible network breach, evaluated their disclosure obligations, and mapped their internal and external communications strategy.
OutSecure tasks:
- Build understanding among executive team of elements of cyber security that affect their overall risk governance for the company.
- Make recommendations on cybersecurity risk decision-making process
- Advise on communications strategies
- Review and edit draft communications materials
Case Study: Exposure of Innovative Technology to Cybersecurity Risks
Client: Hospitality
A Hotel Company commissioned OutSecure to identify exposures for new technology solutions they had deployed and were augmenting.
OutSecure tasks:
- Perform a holistic risk assessment of the technology, business and vendors.
- Identify and interview business and IT stakeholders
- Analyze and perform extensive threat modeling of the process and data flows
- Create a list of the exposures in internal systems, vendor technology and infrastructure
- Meet with IT and Business teams to lay out the plan for reducing the exposure both immediately and long term.
Evaluating Risk and Developing a Strategy and Governance Framework to Manage It
A telecom retained OutSecure to assess its cybersecurity risk profile and to evaluate its cyber incident response capabilities. OutSecure delivered an executive-level threat awareness briefing, gained specific insight into current operations through 30 stakeholder interviews with managers across the company, and delivered a tailored, executive-level tabletop exercise. OutSecure synthesized key findings and presented them in an executive risk report, which gave the management team actionable recommendations to improve the company’s cyber crisis management capabilities. OutSecure was later engaged to follow up on its earlier assessment to evaluate progress and offer further recommendations to support a strategy and governance framework to manage cyber risk.
OutSecure tasks:
- Raise awareness within the executive team through an executive briefing and report
- Develop and facilitate a table-top exercise to evaluate and improve crisis management capabilities
- Conduct interviews and document review to develop recommendations for a strategy and governance framework to manage cyber risk
- Synthesize industry best practices to provide useful executive-level recommendations