FTSE10 - Global FMCG Organisation
Global Information Security Transformation Programme Security Architecture
The client is a FTSE10 global company headquartered in London, United Kingdom. It is the world’s second largest quoted company by its global market share, with a leading position in more than 50 countries and a presence in more than 180 countries. It has over 38,000 users in over 2000 sites.
The organisation was undertaking a large Global Information Security Transformation Programme with a multi-£M budget to run over the course of 4 years. We assisted in providing the SBBs (Solutions Building Blocks) to help realise their newly established Enterprise Security Strategy. Working primarily in the Technical Tools and Controls space, we assisted in the definition of their Enterprise Antimalware Strategy and in technical tool evaluation and selection for a number of key technical controls, including Full Disk Encryption, Security Configuration Management, and Removable Device Control and Encryption. Like many organisations, they were also moving to the new Windows 7 platform and redesigning their directory services infrastructure, looking, where possible, to leverage the new security features these platforms provided. We provided consultative advice on where it may be possible to leverage these new security features, with evaluations of BitLocker, BitLocker To Go, AppLocker etc. This ultimately fed into the creation of the target Windows 7 Security Architecture for the organisation, with product recommendations in 10 key control areas and low level architectural principles that needed to be adhered to in order to realise the high level security policy requirements defined in their ISMS.
For selected tools, we provided both High and Low Level designs, along with assistance in Service Definition and wrap for the service, proposing a suggested RACI definition for the SOC and the associated training requirements and run books.
Underpinning all of the work in this space, we also worked with their security organisation to propose a Security Measurements and Metrics taxonomy to key stakeholders, holding a number of workshops. The taxonomy helps provide the ‘glue’ for the work occurring within the programme: current state, transition, and future state can be measured and realised, feeding requirements and prioritisation of security change initiatives dependent on risk appetite and visibility requirements.