The transportation and logistics industry runs on tight-knit coordination and careful management of information. Timeliness, control, and information security are all crucial factors in running a successful transportation logistics organization. However, these companies often find themselves needing help when it comes to managing their information security programs as well as filling the positions required to run and support a modern technology infrastructure. Conquest provides security-as-a-service for this specific organization, augmenting its information security staff and providing real-time insight into a fully adaptive security program.
A global transportation and logistics company with several subsidiaries that are subject to NIST compliance, facing unique vulnerabilities associated with its specific industry.
Our client found itself in need of an adaptive security program that covered all of its bases: IT security assessments, management and monitoring of security systems and incidents, and a holistic, risk-focused, system-based approach to security support. Its work is highly dependent on a robust and secure IT infrastructure, but it found it challenging and costly to staff a full-time IT support team for the company and all of its subsidiaries. It needed a solution that was effective, reasonably priced, and familiar with its industry compliance requirements and best practices.
The best solution for this transportation logistics company was a continued engagement through security-as-a-service, which included:
- Cybersecurity consultants and security operations center personnel to fill the gaps in their IT staff
- Exercises to validate cyber capabilities
- Establishing metrics for program success and developing and monitoring plans of action and milestones, with compliance checks to evaluate the program against these metrics
- Recurring security assessments for the company and its subsidiaries covering external and internal network security, internal security applications and services, and firewall and DMZ configuration
- Recurring assessment of incident response, document management, and change management procedures as well as organizational structure, based on NIST 800-53 guidance and industry best practices
- A risk-focused, system-based approach that is organizationally tailored to the client’s specific risks and systems
- Identification of vulnerabilities in the infrastructure and control gaps in the processes that could potentially compromise security
- Security awareness training focused on the threat of social engineering and security best practices aimed at improving general security culture within the organization
The client’s overall security posture is continuously enhanced through an ongoing and proactive approach to implementing a holistic security support services program. The project has yielded the following results:
- More than a dozen separate security-focused projects engaged over the past three years
- The company can now anticipate and mitigate risk without realizing any of the cost, schedule or performance risks associated with their industry and operations
- Deliverables and communication are consistently on schedule, or ahead of schedule when proactive delivery will not disrupt business operations.
- Over 117 separate engagements performed without cost overruns
- Business operations have been enhanced and the organization is more resilient to information security threats.
- The client’s stakeholders have a direct line to executive sponsors. However, with an organizational culture focused on proactively meeting or exceeding expectations, the ability to escalate is rarely used.