Architecture & Cyber Risk Consulting - Global Logistics Company

Our client is one of the top 10 global logistics companies with approximately 100,000 employees and extensive European operations.

Nicolson Bray were engaged for advice and consultancy in two key areas:

IT security risk remediation

Seven key IT security risks had been identified and recorded over a number of years. However, without significant focus and buy-in, these risks had remained largely unmitigated.

Our client sought advice and leadership to manage the remediation of these risks.

Carve-out from competitor

Our client had recently announced the acquisition of the regional operations of a global logistics company.

However, there was no plan for managing the IT security risk of the carve-out and the secure migration of services onto our client’s infrastructure.

Our solution

IT security risk remediation

It quickly became apparent that whilst a risk management process already existed, there was a lack of buy-in and adherence across this global organisation.

This risk management process was reviewed and enhanced to increase risk visibility and global buy-in from all stakeholders.

Risk remediation workshops were co-ordinated and held, risk owners were identified and risk remediation plans defined.

In addition, risk ratings were re-assessed and corrected where necessary, and monthly reporting was created to give the European CISO full visibility of risks owned by his direct reports and other teams.

Carve-out from competitor

The initial focus was the negotiation of security provisions into the Transitional Service Arrangements. These ensured that clear lines of accountability were set, and paved the way for a smooth migration.

Following this, Security Transition States were defined for key stages of the carve-out: Pre-acquisition, Day 1, +6 months, +12 months and Target. This enabled core architectural decisions to be made and provided a backbone for detailed planning.

These Transition States covered seven core cyber security domains, and consisted of detailed architectural solution designs for the transition of all significant services.

Over the past six months we have delivered a significant reduction in IT security risk, and now have robust plans in place to manage the carve-out. Ultimately this success has been achieved through the direction and expert guidance of Nicolson Bray.

European CISO

Outcome

IT security risk remediation

Despite operating within tight budgetary constraints, and being delivered during a period of heightened change and transition, the following has been achieved:

  • Three of the long-term IT security risks have been fully remediated. Prior to engagement these risks had been open for a number of years.
  • Of the four remaining risks, individual security issues have been prioritised and remediation focus given to critical and high vulnerabilities. This has resulted in targeted investment and significant targeted risk reduction.
  • Buy-in for risk remediation activities has been significantly increased across the whole organisation.
  • Visibility of IT security risk has been greatly enhanced for senior management and the Board.

Carve-out from competitor

The carve-out process has been complicated, and Nicolson Bray were engaged at a critically late stage. However, 6 months post-acquisition the following has been achieved:

  • Security provisions have been successfully negotiated into the Transitional Service Arrangements.
  • Full network integration has been achieved whilst maintaining a steady level of cyber security risk.
  • Technology and infrastructure integration and migration are progressing and the +6 months Security Transition State has been delivered.
  • The IT security control environment has been maintained during this disruptive level of change, the risk level has remained stable, and no incidents or breaches have been reported.