
Four Pillars of Cyber Security:

  • Governance and Assurance
  • Security Architecture
  • Managed Security Services (current page)
  • Penetration Testing

Security experts dedicated to a client

Sopra Steria’s Operational Security Management team offers highly experienced consultants embedded into client operations to support their day-to-day security requirements and obligations. The service supports and fulfils a range of activities, implements and supports a robust controls framework defined within a client’s Information Security Management System (ISMS), and supports the delivery of strategic policies and working practices to maintain a strong security posture.

 

Benefits

  • Embedded Service: OSM personnel are assigned to a client for the long term and work alongside their internal teams to assure delivery of a strong security posture and operate as a key trusted advisor to the client.
  • Proven Capability: The team have multiple years' experience within the Cyber industry delivering robust and resilient services. They hold and maintain several Cyber certifications including CISSP, CISM, CRISC.
  • Trusted Advisor: The OSM works alongside the CISO and business unit leads to help inform strategy through effective risk identification and management, leading actions where needed.
  • Risk Visibility: Monitoring risk and the threat landscape to provide visibility to the client. Assisting in the client’s readiness to react to an attack or incident.
  • Risk Management: Taking ownership of the relationship with technical teams and third parties to assure the security of the managed environment. Supporting our clients through audits by acting as a trusted advisor and providing evidence quality management.
  • Incident Management: Should the worst ever happen, the OSM will work with technical teams and third parties and direct actions to contain, eradicate and recover systems and environments upon invocation of a major security incident.

Our Approach

To tailor an operational security management service to the needs and requirements of a modern business, our team would initially work with clients to capture and understand their strategic goals and needs, and undertake a full or partial risk assessment of the environments, policies and processes. This enables the assignment of the correct consultant and skillset to deliver the correct outcomes.

Typically, the following activities would form part of the Operational Security Management service:

  • Implementing strategy, policy and working practice defined within an Information Security Management System (ISMS).
  • Providing regular reporting to assess the effectiveness and operation of the ISMS.
  • Managing and maintaining security operations in line with security policy, standards and industry best practice.
  • Understanding the customer’s key objectives and advising on areas for improvement.
  • Reviewing and managing security risk and threat assessments (operational and system).
  • Engagement with internal stakeholders and 3rd party service providers on matters of information security, risk and privacy.
  • Managing and responding to security related incidents, developing strong internal and external relationships to promote the early identification and resolution of incidents.
  • Proactive management of threat detection and vulnerability management services and co-ordinating identified remediation activities.
  • Representing security considerations through assessment and triage of IT, process change and/or change requests.
  • Providing regular management reporting on the security posture and performance of key suppliers, and analysis of security related incidents.
  • Leading monthly client Security Working Group meetings.
  • Providing input into regular technical design authority working groups to discuss change.
  • Establishing and maintaining a regular cycle of vulnerability scanning and remediation management.
  • Supporting and preparing clients for regular IT Health Checks and any regulatory audit events.

Service Areas

 

The Operational Security Management service is responsible for assuring client stakeholders that agreed security controls and metrics are implemented and monitored. This includes ensuring that any new solutions and services adhere to agreed security policies, and evaluating the results of any assurance assessments.

Security Audits and Assessments provide an effective way to determine the security posture of the components and identify areas for improvement through questionnaires, interviews and inspection workshops against industry-recognised security standards such as ISO 27001, NIST or Information Security Forum (ISF). The key to a successful audit is the ability to identify and locate the evidence needed to satisfy the security controls. The OSM can act on behalf of a client to support third parties executing an audit by assisting with evidence gathering.

If required, the OSM can execute audits against industry standards or client proprietary security standards.

The service ensures that there are effective processes and procedures in place, clearly linked with policies relating to the successful outcomes of leavers and joiners, so that appropriate security controls are in place for access to a solution.

Adhering to the principle of least privilege, all users requiring access to a solution are assessed as per the agreed procedures, ensuring that a user can only have access to what they need. Privileged access IDs shall be separated from standard access IDs, and all privileged IDs restricted to a specific function or purpose and issued explicitly to named individuals for the time they need them.

Should the use of functional / shared user IDs (such as ROOT or ADMINISTRATOR) be required, these will be closely controlled through effective process and tooling.

Effective change and configuration management is key to ensure that no security flaws or weaknesses are introduced unexpectedly, and that appropriate security rigour is applied. The operational security service can create these policies and work with the client to oversee them, ensuring that there is no degradation of service to the users.

The response service can be tailored to the specific client needs and requirements; however, typically, any pre-existing incident response plans are reviewed, and details of testing outputs are assessed in terms of effectiveness and any lessons learned. If no incident response plan exists, then we would seek to work with clients to establish one.

We would seek to understand or build the response team, taking key stakeholders from the client functional areas, such as the SOC, local technical resources, and business and departmental leaders, and agree appropriate decision makers and authority levels, and define call trees, communication plans and the invocation process.

We would then look to establish common scenarios and build response playbooks for these, and start to build a process of regular simulation testing, comprised of tabletop exercises and purple teaming events. Regular testing is key to ensure effectiveness and preparedness and to enable continuous improvement of any defined plans and playbooks.

Following any incident, either real or simulated, a post-incident analysis will take place where any lessons learned are shared. These will feed back into a process of continuous improvement, with a view to continually maturing, improving and hardening the services for the future.

Vulnerability management is an ongoing cyclical process of detection, assessment, remediation, and reassessment. It differs from Vulnerability Assessment, which is a one-time evaluation of a host or network.

This will typically take the form of understanding all environments within the scope of the vulnerability management service, including Cloud, on premise and hybrid environments together with their respective network address ranges.

The operational security management consultants shall seek to understand and document key and critical systems, network access points, systems with external interfaces (public IP addresses) and any other data to aid in contextualisation and prioritisation.

An initial discovery scan of the agreed environment scope will be carried out both to verify and reconcile the accuracy of any asset database and to establish a baseline of scanning scope to inform the future vulnerability scan scope.

Discovery scanning shall also form part of the regular scanning lifecycle to capture any changes in the scanning scope, positive or negative, to be reconciled against expected changes and aid in the detection of any rogue devices which may have appeared since the last scan cycle.

The service works with technical resource teams, service management and third parties to raise, track, monitor and assure effective and timely remediation. Findings are rated from Critical to Informational and, together with the criticality of the system, are used to inform the risk level of the issue, which then determines the response priority and actions to be taken.

Where recommended time scales cannot be met, the Security/Vulnerability Manager will work with technical teams and the client to agree an appropriate risk-based approach and time scale.

Certifications and Skill

  • NCSC Certified Cyber Professional (CCP)
  • ISO27001 Lead Auditor
  • Certified Information Security Manager (CISM)
  • Certified Information Security Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • The Open Group Architecture Framework (TOGAF)
  • Sherwood Applied Business Security Architecture (SABSA)

Practice Lead