Problem

Major brand delivers its content at physical sites to hundreds of thousands of guests. Like many [manufacturing plants], the sites utilized a Connected Asset Ecosystem of physically accessible Internet of things (IOT), industrial technology (OT) and suppliers to deliver the guest experience. The board mandated that the risk of cyber terrorism be addressed within six months. To deliver on the board’s request, the brand decided that it would need to retain consultants to design a risk management program, hire and train a team to execute the program and acquire and purchase a variety of technologies needed to manage the program.

SOLUTION

The brand ultimately chose to buy the Fortress solution rather than build the solution internally. Fortress deployed its advisory team to implement an on-going risk management program while Fortress’ delivery team deployed managed services to execute all the facets of the program. Fortress’ managed services included both technologies to manage (automate and orchestrate) the program, but also dashboards, continuous monitoring and threat intelligence to mature the capabilities of the program.

OUTCOMES

  • Built security framework and obtained broad stakeholder buy in across organizational silos. The final framework was NIST adopted to the specific needs of the business.
  • Implemented and managed vulnerability management and third-party risk programs focused on critical OT assets. The risk-based programs designed, staffed and managed by Fortress included identifying high risk assets and vendors, assessing same for control weaknesses and vulnerabilities and resolving identified findings directly with the business owners and vendors.
  • Implemented dashboards to benchmark and communicate findings and remediation obstacles to stakeholders. The dashboards were enabled by the Fortress Platform. The All findings from asset and vendor vulnerability and control assessments were logged and managed into the Fortress Platform.
  • Met six-month deadline! Fortress had all of the solution components in place enabling it to move quickly. Also, as an expert in critical infrastructure, the assets and vendors were well-known, and Fortress hit the ground running.

Connect with us

 

Talk with Fortress today about how to manage risk and get better performance and compliance across your enterprise! Set up an appointment to speak with a representative.

 

189 S Orange Ave #1950, Orlando, FL 32801

407.573.6800

sales@fortressinfosec.com


View More Resources Here

Board Brief: What’s the Lesson from the Equifax Breach? 1
Utilities
Board Brief: What’s the Lesson from the Equifax Breach? 2
Transportation
Board Brief: What’s the Lesson from the Equifax Breach? 3
Healthcare
Board Brief: What’s the Lesson from the Equifax Breach? 4
Finance
Board Brief: What’s the Lesson from the Equifax Breach? 5
Energy
Board Brief: What’s the Lesson from the Equifax Breach? 6
Additional Industries
Board Brief: What’s the Lesson from the Equifax Breach? 7

Board Brief: What’s the Lesson from the Equifax Breach? 8 Board Brief: What’s the Lesson from the Equifax Breach? 9 Board Brief: What’s the Lesson from the Equifax Breach? 10

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory
updates, cyber security news alerts and more,
sign up to receive the Fortress Newsletter.

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS