Security Consulting

Protect your sensitive business services

OCTOBER 2013

Business Unit contact:

Marketing contact:

Organizations must be ready to

answer to evolving security threats
and challenges
The context
Security has become more important
because the IT environment is a place for
managing business and not just exchanging
information.
Organizations are often involved in security
incidents as a target of an attack which
have an impact on services performance
and profitability.
Each organization should develop a global
security program which should include
technological and organizational areas in
order to protect their revenues.

Your challenges

Protect your business assets

and critical services by
efficiently managing security

Challenges

1 Protect customer information

Provide availability, integrity and
confidentiality of critical assets
Continuously measure risks, threats, and
vulnerabilities
Assess the effectiveness of your current
security controls from internal/external
attacks

2 Minimize potential financial losses

Manage risks related to loss of data
and service degradation/outage due
to security breaches
Protect the organizations reputation
against cyber-attacks

3 Manage the evolving nature of IT

threats

Maintain specialized skills within

threats trends
Raise technology security awareness
Permanently evolve current IT security
solution

Security Consulting October 2013

4 Ensure an Information Security

Management System (ISMS)

Develop a security management

strategy
Be aligned with regulation/law
requirements
Design, implement, and maintain
security policies, processes and
technologies
Involve the whole organization in
security management
Improve KPI related to quality of
protection
Limit impact of human errors made in
the way security is managed

5 Optimize costs
Reduce OPEX of provided security
services
Select the most benefit ratio
TCO/quality related to IT security
architecture

Educate your staff for IT security

trends and Information Security
Management System (ISMS)
Security raise awareness is the first step of our
end-to-end security consulting services,which
cover technological & operational areas, and
are independent from security solution vendors.

Raise
awareness

Implementation
& Maintenance

1 Your objectives
Keep up to date with current worldwide security breaches
Have an overview of IT security solution evolving trends
Raise knowledge on how to develop an information security policy
strategy based on ISO 27001 international standard

2 Our method

Conduct strategic and technological workshops

Provide high skill speakers within security areas
Discuss main technological security trends and information security management
Share our knowledge based on Orange experience
Assess your security challenges through brainstorming session
Provide case studies & best practices

3 Benefits

Assessment

Design

Our solutions

Increase your information

security awareness

Understand the main cyber security threats

Benchmark security breaches countermeasures solution
Raise awareness within your organization related to security challenges
Master the methodology of the ISMS

Security Consulting October 2013

Identify your potential weaknesses

and have an action plan for fixing
them
We share with you our security assessment
know-how and recommend you our best
practices.

Raise
awareness

Implementation
& Maintenance

Assessment

1 Your objectives
Verify that sensitive services are not vulnerable to a security risk that could allow
unauthorized access to resource
Continuously identify vulnerabilities
Evaluate your current IT configuration & design security
Assess the effectiveness of your current information security management
Determine your compliance with ISO 27001 standards

Our solutions

Assess your current IT

security management

2 Our method
Technical environment audit using tools by:
Assessing the vulnerability of the internet facing service(s) through network vulnerability
scanning
Ensuring penetration tests
Auditing the security level of applications and critical services
Evaluate your compliance with ISO27001 reference frameworks by
Understanding your processes, procedures and organizations
Interviewing employees departments
Assessing strenghts and weaknesses of the organization in accordance with reference
frameworks

3 Benefits
Design

Measure real security maturity level of your IT security

Have a complete visibility of identified vulnerabilities, risks associated and proposed
remediations
Identify unauthorized hosts/services available from Internet
Get a full visibility of steps needed to increase IT Security level

Security Consulting October 2013

Be aligned with your business

security expectations
We support you in designing customized
solution based on our experiences we have
been gathering for several years.

Raise
awareness

Implementation
& Maintenance

Assessment

Design

1 Your objectives
Plan your IT security architecture strategy
Choose the best technical security solution (i.e. IPS/FW) in accordance with your
requirements
Design effective ISMS in order to protect information by ensuring confidentiality, integrity
and availability

Our solutions

Design your security

strategy

2 Our method

Develop your security architecture design by

Defining security business objectives and requirements
Understanding your current IT security environment
Designing your target architecture
Building roadmap including actions plan, security management model (on-premise,
outsourced), risks associated and CAPEX/OPEX estimations
Test your technical security solution in a professional Lab environment
Develop your ISMS in accordance with ISO 27001 standard by
Defining information security requirements (scope, legal aspects, and business objectives )
Classifying information and defining treatment rules with information
Designing ISMS methodology
Creating policies, operational procedures and information security instructions
Defining communication and training plans

3 Benefits
Get a high secured architecture design based on best practices
Have a clear vision of the architecture security development phasing aligned with IT Governance
and business requirements
Verification of real performances of technical security solution independently from vendor
Own a proven ISMS design methodology

Security Consulting October 2013

1 Your objectives

Proactively detect awareness and fix potential security issues

Manage a complex security environment
Consider outsourcing to a professional Managed Security Services Provider (MSSP)
Increase your staffs security knowledge level

Our solutions

Implement and manage

your security solution
Outsource some security services to
a proven professional partner

2 Our method
We provide you high skill staff which efficiently
supports you within IT security management.

Raise
awareness

Assessment

Provide Security Operations Center as a service (SOCaaS) ensuring a dedicated Single

Point of Contact (SPOC) by:
Monitoring 24/7/365 security events in your systems
Quickly identifying threats using correlation techniques
Immediatly notifying security breaches
Including recommended mitigation solutions and Service level reporting
Manage your technical security solution including security monitoring, signatures
updates and incidents reporting based on SLA
Train your engineers and security administrators within configuration and
administration best practices

3 Benefits
Implementation
& Maintenance

Design

Improve your quality of protection

Have a permanent support from a proven MSSP with a SLA
Rearange your staff utilisation to increase productivity in mission-critical business areas
Reduce your operational and financial risks
Benefit know-how transfer from international Telco experts

Security Consulting October 2013

Build an unique and high-quality

competencies
Design, implement and manage a SOC is a cross domain
challenge which includes people, processes and
technologies areas.

The SOC has considerably improved Orange

Polands effectiveness related to security
threats management.
Customer testimony:
Implementing SOC within our organization resulted in a
significant raise in protection of our crucial business systems as
well as thorough awareness of the ongoing IT security events.
Currently I cant imagine a responsible enterprise functioning
without SOC.

1 Oranges challenges

2 Our method
Ensure a SOC for the whole organizations IT environment
Analyze business security expectations (including SLA requirements)
Design a complex security management strategy and roadmap
Build, implement and manage processes, procedures and organization
Choose and implement the right technology (SIEM - Security Information and Event
Management and support tools)
Ensure risks management by continuous monitoring

Tomasz Matua,
Manager of IT Infrastructure & ITN Security
Orange Polska

SOC creation was a big challenge, that can be easier thanks to

Sofrecom's support, including: project management, procedures
and processes' organization.
Przemysaw Dba
Manager of ITN Security
Orange Polska

Guarantee high availability for critical business applications which ensure revenues
Provide a quick incident detection and response capabilities
Protect against cyber attacks which become more frequent and sophisticated
Manage a huge number of security notifications
Monitor distributed environments security
Business and IT processes complexity

Our successes

Orange Group (Poland):

Security Operations Center

3 Benefits

Proactive support with real time 24/7/365 security monitoring and management
Improve detection time of security threats, risks and vulnerabilities
Quick security issues fixing by highly specialized team
Clear vision of security dashboard for critical business services
Post-incident analysis and increase know-how competencies

Security Consulting October 2013

Sofrecom, the partner of

your success
Benefit from our experience
acquired with leading operators

Prospective

Business
Consulting

IT solutions

Networks
& Services

Unique expertise
A global view of your challenges
45 years of experience

11 local entities outside France

A know-how network
Experts of 30 nationalities
Our subsidiaries

1,400 consultants and experts

Our customers

200 customers worldwide

Security Consulting October 2013