How Should CxO Address Cyber Security & Data Privacy To . - Capgemini

Cyber Security & Data Privacy Consulting

How should CxO address Cyber Security & Data Privacy to build digital trust and resilience?

DRIVE – EMBED – DESIGN – IMPLEMENT – ASSESS

We support and secure your digital journey with consistent services to assess your posture, embed security and privacy, design platforms and implement best practices to protect sensitive data, critical infrastructures and digital services. This enables you to drive a consistent digital security strategy and roadmap focusing on risks, data and people.

Drive, Embed, Design, Implement and Assess

As Digital Transformation initiatives gain pace across the world, the threat of cyber-attack grows in tandem. Further risks stem from the evolving business and regulatory requirements and technology trends that are posing new challenges and endangering the success of digital journeys.

In this landscape, while cyber criminals have matured and professionalized, Cloud, Internet of Things and connected objects, Big Data and AI technologies and services make today’s digital enterprise increasingly vulnerable. The criminals are quick to exploit this.

The cost – both financially and in reputational damage – is huge. The annual cost of security incidents and data breaches is anything from 400 billion to 600 billion. Add to this the once loyal customers who take their business elsewhere following a security breach, reduced competitive advantage, fines, and loss of business due to system downtime. It’s clear why embedding security & privacy to mitigate the threat of cyber-attack is a strategic priority.

Indeed, cyber security and data privacy are a board concern strongly linked to trust and resilience, innovation, competitiveness and business growth. Safeguarding personal data, research and development findings, intellectual property, business development documentation, and other critical information assets must be addressed in the context of Digital Transformation.
It’s key to design Security & Privacy platforms for Cloud and Mobile computing, as well as Big Data and AI, Operational Technologies (OT) and Internet of Things (IoT).

Business leaders in both strategic and operational roles must answer vital questions.

With the growth in cyber-attacks and data breaches costing business and the public sector millions every year, cybersecurity is high on the strategic agenda. Business leaders in both strategic and operational roles must answer vital questions to ensure their business is resilient. Cyber Security & Data Privacy Consulting provides key answers enabling strategy alignment, competitiveness and performance.

Globally, organizations are facing 3 big challenges to manage digital risks

#1 Challenge: Disrupt digitally
- How to embed cyber security and data privacy in your Cloud strategy enabling your digital enterprise?
- How to ensure secure digital transformation with limited constraints for users?
- How to transform your current practices to manage increasing threats and ensure your business is resilient?
- How to transform your Governance and Risk Management processes?
- Can you trust new digital opportunities & transform without compromising your critical assets?
- Can you trust partners / third parties / new acquisitions or will their lack of security have an impact on your reputation?

#2 Challenge: Protect and Comply
- How to manage and control cyber-threats efficiently?
- Are you compliant with security and privacy regulations and corporate policies as well?
- How do you transform the CISO function to deal with business and legal requirements efficiently?
- How to control security & privacy operations across digital services, apps, data, infrastructures and endpoints?
- How do your clients trust your services or products in terms of how you use and secure their data?
- How to manage the impacts of any security incident or data breach?

#3 Challenge: Reduce (optimize) costs
- What are the most efficient governance models?
- What are relevant human resources and skills to rely on?
- What are the technologies to be implemented at best cost?
- What balance in terms of insourcing and outsourcing?
- What balance in terms of Prevention/Protection vs Detection/Response?
- How to include cyber insurance in your Risk Management practices?

Some examples: 2012 - 2018
- ME: Stuxnet malware is the first public attack on industrial systems that reduced Iran nuclear industry capacity.
- NA: Based on a phishing attack, criminals accessed data for 40 million credit cards. The retail company's cost for credit card replacement is estimated at 200 million.
- FR: Cyber attack on international TV by State sponsored or Hacktivists. Huge sabotage of operational systems using social media credential.
- UK: A telco has been handed a record 400,000 fine for security failings which led to the theft of personal data of almost 157,000 customers.
- WW: The largest RansomWare attack in history hit over 200,000 computers in at least 150 countries on 13th May 2017.
- WW: Cambridge Analytica harvested the data of 87 million Facebook profiles, taking advantage of a loophole in Facebook API.

Figure 1: 5 key pillars of a Digital Security Strategy and Architecture
Datacenters & Networks / Application & Database / Data in transit / Endpoints / Identity & Access
The cycle of cybersecurity operations. Investment must be wisely balanced between these 12 activities:
- Risk & Compliance (incl. economics)
- Security policies & control processes
- Threat Intelligence
- People Awareness & Change Management
- Security & Privacy by design
- Security architecture (5 pillars)
- Data Privacy Architecture (data focus)
- Application security testing, penetration testing
- Vulnerability assessment
- Security Operations Center (SOC)
- Data Leak Prevention
- Security incident remediation actions

The World Economic Forum “Global risk report 2018” highlights four technological risks among the 30 most important macro risks: Cyber attacks are in the top 10 risks, both in “Likelihood” and “Impact”
- Cyber attacks
- Data fraud / theft
- Critical infrastructure breakdowns
- Adverse consequences of technological advances

A coordinated resource pool of consultants and experts

Joining forces and skills

Our consulting services are a key component of our broader Cybersecurity Global Practice. This comprises more than 3,500 specialists with cyber security and data privacy skills and a deep knowledge of relevant regulations, standards, methodologies, tools and processes. The complete portfolio of services and technologies delivered by our teams is designed to help organizations defend themselves against cybercrime and demonstrate proper compliance, while leveraging the power of Digital and Cloud technologies. It’s a comprehensive suite of skills, methodologies and tools giving clients proven practices, world-class consulting and technology, and leading edge managed services. These are built on expertise covering the five pillars of our cybersecurity models: Users, Applications, End-points, Infrastructure and data.

Figure 2: Why are we different
- Embedded & Agile: We embed Cyber Security & Data Privacy within Digital transformations based on Cloud services for IT & Data, OT & IoT
- Price & Growth: We deliver at best price and overperform market growth
- Innovation & Partners: We innovate through Research (Sogeti Labs, Digital Transformation Institute) and partnerships (MIT, technology providers)
- Skills & Ability to execute: We develop our expertise within 3 regions in Europe, North America and APAC
Figure callouts: 5 Global Business Lines; 40% growth; 4 recent surveys and reports; 3500 consultants

Our Cyber Security & Data Privacy Consulting professionals have proven experience of defining and implementing the right strategy, target operating models and GRC structure to help clients embed security and privacy as a business enabler and design adequate platforms with people, process and technology. We accompany our clients throughout their digital journey to implement relevant standards and comply with regulations along with protection and monitoring capability.

Developing trust and resilience

By planning ahead with a cybersecurity strategy as part of your Digital Transformation, you will be in a more confident position to develop trust and resilience, stay compliant and achieve cost savings. Your organization will derive a range of benefits around the three key themes of enabling growth, improving resilience and reducing cost. Within these themes, we help our clients to enable Digital Transformation, innovation and competitiveness, while protecting their assets and reputation so that they sustain business growth. We help to extend security from deterrence and protection to prevention and full resilience. And we minimize the impact of data breaches and cyber-attacks and ensure efficient compliance with regulations, such as those relating to personal data protection.

Delivering large projects

Our teams are used to working for national and international accounts in complex and multicultural environments. Our biggest teams are located in France, UK, North America, Germany and the Netherlands.
They are complemented and supported by strong capabilities in Spain, Portugal, Italy, Nordics and India.

Figure 3: Cyber Security & Data Privacy Consulting Portfolio

Strategic Consulting Services: Target Operating Models and Transformation Programs
1. Drive Digital Security Transformation: DEPLOY APPROPRIATE GOVERNANCE AND PROJECTS TO IMPROVE DIGITAL RISK MANAGEMENT
2. Strengthen Security & Privacy Culture and Skills: GET USERS’ ENGAGEMENT AND EDUCATION TO MAKE PEOPLE THE FIRST LINE OF DEFENSE
3. Embed Security & Privacy Into Digital Initiatives: DEVELOP “BY DESIGN” PRACTICES TO REDUCE RISKS AND COSTS, AND DEVELOP DIGITAL TRUST
4. Security & Privacy Platforms: PREPARE CYBER SECURITY OPERATIONS WITH ADEQUATE PEOPLE, TECHNOLOGIES, STANDARDS AND PROCESSES

Policies and Standards, Guidelines and Information Security Management Systems
5. ENSURE THE BASICS AND MINIMUM STANDARDS ARE ADOPTED AT BEST COST ACROSS ALL PARTIES INVOLVED
6. Implement Cloud & Infra Security Standards: ENSURE THE SPECIFIC PRACTICES ARE ADOPTED TO ENABLE SECURE DIGITAL JOURNEY
7. Implement Data Protection Standards: ENSURE THE SPECIFIC PRACTICES ARE ADOPTED TO PROTECT DATA ASSETS AND COMPLY WITH REGULATIONS
8. Implement Critical Infra Security Standards: ENSURE THE SPECIFIC PRACTICES ARE ADOPTED TO ENSURE RESILIENCE AND COMPLY WITH REGULATIONS

Assessment Services: Metrics and Remediation
9. Assess Cyber Security & Data Privacy Compliance: DEMONSTRATE EFFECTIVE RISK MITIGATION AND COMPLIANCE ON THE LONG TERM
10. Assess & Test Cyber Security measures: DEMONSTRATE PROTECTION & DETECTION EFFECTIVENESS ON THE LONG TERM

Figure 4: Toward Digital Trust and Resilience
Safety, Reliability and Privacy: Digital Security Imperatives
Source: Gartner Security & Risk Management Summit: "Tutorial: Gartner Essentials: Top Cybersecurity Trends for 2016-2017," Earl Perkins, 12-13 Sept 2016

Impacting Industries on the long term

Cybersecurity is a business enabler for building trust and resilience in the digital world (Figure 4). We have deep experience in cyber security & data privacy transformation across Financial Services, Utilities, IT Services, Manufacturing, Automotive, Government. Our clients are from all sectors.

Our consultants help to increase risk control (security and privacy) throughout an effective change management process that balances the risks and opportunities of your digital journey. The impact of successful cyber attacks or data leaks is felt not just on corporate IT, but on the business and its executives too. Our clients are C-level.

We have helped diverse organizations increase management awareness of the importance of cyber security and data privacy to define their cyber defense strategies.

- Clients of all sectors have drawn on our Strategic Consulting services. This features maturity questionnaires / models and workshops to establish a proper digital security strategy. We drive multiyear program management to enable consistent implementation of target operating models. We help clients to develop their security and privacy culture (on site, online/e-learning and COOC, KPI), their organization and process (key functions and roles, RACI, skills, training program). We build methodologies and processes for “security & privacy” by design (GDPR, DevSecOps) with business and data owners. Finally, we design “security & privacy” platforms for key processes (GRC, IAM, SOC, DLP) based on technology and organization with business and IT managers.
- Clients of all sectors have drawn on our Operational Consulting services. This complements Strategic consulting services. It features the definition and implementation of policies and standards, guidelines and procedures. We provide strong expertise on security & privacy frameworks related to Information Security Management (ISO27001/27002, NIST, ISF, ISACA), Data Privacy / Protection (ISO27018, ISO29101, NIST, IAPP), Cloud Security and Privacy (CSA-CCM, ISO27018, NIST) and Critical infrastructures (NIS Directive, NIST). We contribute to preparing certifications of digital services, applications and systems.
- Clients of all sectors have drawn on our Assessment services. This features the implementation of security & privacy controls and tests, metrics and dashboards. It aims to demonstrate compliance and effectiveness and to define an adequate remediation plan. We use and develop specific tools and methodologies for pentesting and cyber-attack simulation, audit of organization, processes and architecture. These services are strongly connected to Strategic Consulting (to review target operating models and roadmap), Operational Consulting (to use consistent frameworks and metrics), Protection Services (to build the solutions on strong foundations) and Managed Services (i.e. Code audit and Application Security Testing).

Why Capgemini?

Ongoing discussions at executive level on the risks and opportunities of Digital transformation

Significant investment to further develop our reputation as a global service provider enables us to address C-level cyber security and data privacy concerns from a business risk perspective.

We work closely with Chief Information Officers, Chief Digital Officers and Chief (Information) Security Officers, Data Protection Officers, Business leaders and Executives to ensure cyber security and data privacy are effective business enablers.

As you would expect from a global leader in cybersecurity, we work with the highest security and privacy standards and technologies to propose managed services and protect:
- Personal and sensitive data incl. Big data and AI
- Critical infrastructures
- Cloud and mobile technologies and services
- Operation technologies for digital factories
- Connected objects

Keep your organization ahead of current and emerging practices in a rapidly changing business and digital landscape with cyber security and data privacy consulting from Capgemini.

“Gartner reports Capgemini #10 for worldwide Security Consulting Services market share in 2017; overall market totaled 19.0 billion in revenue.”
Source: Gartner Inc.: “Market Share: Security Consulting Services, Worldwide, 2017” Elizabeth Kim, 26 July 2018

Capgemini was positioned as ‘Challengers’ in ALM Vanguard Report and 2nd in terms of ‘Breadth of Consulting Capabilities’.
“Capgemini exhibited several capability ratings that were quite strong, finishing in the Challenger section of the Vanguard and showing positive momentum.”
Source: Gartner Inc.: ALM Intelligence’s 2017 Vanguard Report on Cybersecurity Consulting Worldwide

About Capgemini

A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of over 200,000 team members in more than 40 countries. The Group reported 2018 global revenues of EUR 13.2 billion.

Visit us at www.capgemini.com

For more details contact:
Geert Van der Linden
EVP, Cybersecurity Business Lead
geert.vander.linden@capgemini.com

The information contained in this document is proprietary. 2018 Capgemini. All rights reserved.
