Can CIOs really fully manage their business risk across an entire enterprise and mitigate the impact that security breaches could have on the company as a whole?
The IT systems of the Olympic Games are protected by the same system as those of our clients – Atos High Performance Security (AHPS). AHPS monitors its IT environment at all times, finding suspicious activity as it occurs. This new Fast Track Guide on Identity, Security and Risk Management is quick to read and formed from the very latest thinking and describes the Atos solutions that enable the CIO to manage business risk across an entire enterprise.
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
London 2012 brochure - Identity, Security and Risk Management
1. Identity, Security and Risk Management
transforming
risk efficiency
value and
into
Your business technologists. Powering progress
2. Securing your business while
maximizing opportunities
“Protecting the Businesses today are confronted with
privacy and a seemingly limitless variety of threats,
integrity of including identity theft, organized hacking,
intellectual property ever-changing legislative and compliance
and customer requirements, data loss, and more.
information is part As evidence of this, an online, underground D
igital Security – Using familiar tools
of bedrock of a marketplace exists where people can actually
buy viruses and Trojans, such as Zeus, and then
such as identity management, antivirus,
modern network modify them and attack your business in new
firewalls, intrusion prevention and other
technologies to defend the enterprise from
enabled business .”
ways. These attacks are being conducted by would-be attackers.
coordinated gangs interested chiefly in money,
but sometimes espionage as well, and less often C
ompliance and Risk Management
these days simply for ‘bragging rights’. – ensuring that your business is able to
evidence alignment with regulatory and
Against this ‘threat backdrop’, you are legislative requirements. Although this can
simultaneously being asked to embrace involve tools and technology, it is more
a multitude of new technologies. Take for focused on process enabled business
example the “Cloud”. This new technology could controls, governance and staff behaviour.
enable business models which may offer your
company new revenue streams and innovative A comprehensive approach is required to
ways to control costs, but not without taking align digital security with compliance and risk
some risks. In fact, for many companies, management and critically to ensure that ‘weak
security issues are preventing them from links’ are avoided. Atos’ approach combines
rapidly ‘integrating with the cloud.’ a holistic understanding of security and the
regulatory requirements for your industry.
But, if you want to take advantage of new By understanding your business process
growth opportunities, how much risk are you controls and control needs first we ensure that
willing to accept, and how do you manage that your compliance and security investment and
risk to the best advantage of your shareholders? operations are well aligned with your most
How do you transform risk into value? Atos can pressing industry compliance requirements
help you do just that. and valuable business information assets.
We can help you evaluate and balance the risks Our ultimate goal is to help you to grow
involved and find a way of managing those your business by enabling agile operating
risk through your IT, governance and business model changes which would be too risky
processes. And while managing business risk in a enterprise with less well integrated risk
and digital security remains a basic business management processes. For example by
requirement, it is spread across two increasingly enabling your enterprise to bring a new social
complex yet related and growing areas networking enabled business to market which
of concern: could generate millions in additional revenue
but which will only deliver upside benefit if the
downside risks are well managed. That is what
we call ‘transforming risk into value’, enabling
you to take the upside benefit whilst reliably
managing your downside operational risks.
2 Transforming risk into value and efficiency Transforming risk into value and efficiency 3
3. It’s all about trust –
governance to regulatory
compliance to digital security
Through a three-stage cycle of assessment,
transformation and ongoing management,
M
itigate risk by restricting access to sensitive
data and improving security monitoring “Anchoring the
we help your company understand the risks it
faces and how to manage those risks such that L
ower costs by managing complexity and
capabilities and
you can leverage new business opportunities.
For example exposing business processes to
automating compliance, identity and security
management procedures
perspectives
the web for ecommerce can be a great way of
opening up a new revenue stream but only if I
mprove the agility of your business by
of regulatory
the security risks are well managed. We take providing the right people with access to the compliance
an integrated view across an enterprise and
its business controls, application controls and
right resources at the right time.
management and
infrastructure controls. And because we have
an in-depth understanding of both the business
Our capabilities and expertise include:
digital security
and IT controls required for effective compliance
and security we can create a unifiedapproach
A
comprehensive understanding of
regulatory compliance requirements
together will
and perspective across your company. supported by over 500 experienced business
consultants and security experts worldwide
reduce your total
We help organizations worldwide to address cost of compliance
their most complex compliance and security
challenges and to:
A
proven track record of executing large
multinational digital compliance and security and security
A
chieve business-driven governance by
projects in complex IT environments
management whilst
automating the enforcement and reporting of A
deep understanding of digital identity
management, for example we manage 17
improving the
business policies and compliance mandates
million secure digital identities for the UK
Government Gateway Service Portal
efficiency of both.”
H
elp you apply effectively the regulations
your industry mandates
A
trusted forensic security capability which
includes the operation of state accredited
security product evaluation centres
P
artnerships with world leading security and
risk management technology providers such
as McAfee, Oracle, Novell, RSA/EMC
and Microsoft.
Identity, Security and Risk Management (ISRM)
solutions from Atos enable you to manage your
business risk across your enterprise top to bottom.
We have a long, exemplary history of delivering
highly effective, award winning solutions, tailored
to individual needs. Our solutions have been
deployed at nuclear power stations, for air traffic
control systems and at the Olympic Games.
4 Transforming risk into value and efficiency Transforming risk into value and efficiency 5
4. Strengthening trust
relationships – eliminating
the weakest link
Control transformation
Aligning people, process and technology
enabled controls with risk appetite
GRC IAB
Brand Trust
and Value
Business Risk and
Control Control
Management Profiling
STA MSS
Managing controls Understanding risk
efficiently, exposure appetite
Our approach to Identity, Security and Risk Management (ISRM) consistently and
is based on a simple, three-stage methodology with the goal of reliably across the
enterprise
reducing risk, growing your business and enabling trust between
your organisation and your industry value chain. The three stages,
as illustrated in the diagram, are Risk and Control Profiling, Control
Transformation, and Business Control Management.
6 Transforming risk into value and efficiency Transforming risk into value and efficiency 7
5. Risk and Control Profiling Ongoing Business
Control Management
Risk and Control Profiling enables you to
discover and understand the risks you are After identifying risks and implementing
exposed to, or are considering exposure to, appropriate controls, Atos can offer you
whilst being able to plan your risk appetite. ongoing managementof controls and
The art here is to reduce the volume of supporting technologies, ensuring an ideal
unknown, unmeasured threats and unknown balance amongst compliance requirements,
control requirements. This process can be IT security issues and operational expense.
genuinely enlightening, sometimes revealing We offer these services via our Managed
very significant business risks. Security Services (MSS) one part of which is
Atos High Performance Security, which offers
We support this stage from our Governance, real-time risk management, event correlation
Risk and Compliance (GRC) offerings. GRC and monitoring of your security
offers methodologies, processes and skilled, and compliance 24x7x365.
experienced staff who can measure and
benchmark risk, providing advice and support
regarding the business impact and cost of
treatment of topics such as legislative and
“Your security
regulatory control requirements, security
strategy and more.
and compliance
management is
Control Transformation only as strong as
This stage enables you to change how you
manage risk by addressing the people, process
the weakest link.”
and technology aspects of business controls.
Our IAB (Identity,Access and Biometrics) and
STA (Security Technical Advisory) services are
designed to help you adapt controls to manage
risk as effectively as possible. We can help you
improve data privacy by encrypting data on
mobile devices across the enterprise, or deploy
identity management technologies to both
lower costs and improve auditability.
Other STA and IAB services we offer include
reducing regulatory compliance costs via IT In January 2007, the US retail company TJX announced that
automation and reducing help desk costs via
biometric solutions. someone had broken into its payment systems and illegally
accessed card data belonging to customers in the US, Canada,
Puerto Rico, the UK and Ireland. In filings with the US Securities
and Exchange Commission (SEC) in March, the company said
“45.6m credit and debit card numbers were stolen over a period
of more than 18 months by an unknown number of intruders.”
Computer World UK
8 Transforming risk into value and efficiency Transforming risk into value and efficiency 9
6. Why Atos?
Atos bring together risk management, regulatory
compliance and digital security. We have done “We help you navigate through
this for Olympic Games, for nuclear power plants
and for air traffic control systems, as well as for
the challenges of governance, risk
some of the best known companies in the world.
We put our clients first, and work to understand
management and compliance,
the unique challenges our clients face. We adapt
our solutions to your specific needs and can
while optimizing available budget.”
provide total security solutions, from consulting
to implementation to ongoing services. We
provide these security services today, to
thousands of clients throughout the world, and
can do the same for you.
Governance Risk and Compliance Security Technical Advisory
Security Maturity Assessment PCI DSS
Business Continuity Management Vulterability Analysis
Security Strategy Data Loss Prevention
Security Awareness Training Cloud Security Assessment Services
Managed Security Services Identity, Access and Biometrics
Atos High Performance Security Identity Management
Security Risk Management Help Desk Cost Reduction
10 Transforming risk into value and efficiency Transforming risk into value and efficiency 11