Case Study: Overcoming Inherent Cybersecurity Challenges as Data Threats Evolve with Emerging Technology and IT Modernization

Challenge

Modern software applications and IT infrastructures are complex. A lot of agencies are either modifying or enhancing IT systems, moving existing systems to a cloud environment, or creating new IT system on modernized platforms. As the need to store sensitive data increases, our clients must identify, detect, and quickly respond to security attacks; contain and remediate any threat; and protect their end user data. To accomplish these objectives, many of our clients are developing and implementing robust Cyber Security Programs (CSP) to ensure all IT assets including the date are secure.

The risk to IT systems are increasing including insider threats from witting or unwitting employees, rising and evolving threats from around the globe, and the emergence of new and more destructive attacks. Rapid advances in new technologies, such as artificial intelligence, the Internet of Things, and mobile connectivity, can also introduce security issues. In the face of these threats, cyber security programs must continuously adapt its defensive tools and processes by implementing the latest available detection techniques, industry best practices, and security tools.

Solution

To meet our customers’ challenges, Panum leverages emerging technologies and cybersecurity subject matter experts (SMEs) to provide comprehensive cyber security program management, technical services, incident response, and security analytics. Our initial step for this customer consisted in defining the cyber threat landscape with incremental improvements to mature the client environment into an automated, proactive security ‘shop’ with on-going continuous monitoring. The methodology of the landscape encompasses evaluations from all audits, self-assessments, and Federal Information Security Management Act (FISMA) compliance efforts (e.g., System Security plans, System Test & Evaluation, Plan of Action and Milestones management) in an integrated feedback loop that drives improvement of the security posture. We then defined the “To-be” target state for the client entailing a detailed cyber security framework identifying required cyber security capabilities. Our SMEs also assisted the client in measuring the maturity level of the cyber security program through technical assessments and review of organization and processes. The detailed gap analysis we performed on the to-be and as-is helped us to develop a robust cyber security program roadmap to increase the maturity level of the security posture for the client.

Benefit

The detailed security program roadmap assisted the client to tackle current and emerging threats using the cyber control framework. It assisted the client to gain a clear view of its Cyber security posture and was provided with an actionable roadmap to improve this posture.