12
è www.steria.com Steria: RightSecurity Services End to end outsourced security services in an output-based business model

Steria: Right security

Tags:

Embed Size (px)

DESCRIPTION

www.steria.com

Citation preview

Page 1: Steria: Right security

è www.steria.com

Steria: RightSecurity ServicesEnd to end outsourced security services in an output-based business model

Page 2: Steria: Right security

How do today’s businesses collaborate and communicate with total confidence in data

security? The fast pace of globalisation and advances like the Cloud have meant that it is

essential for businesses to share information effectively to be competitive in their sector. This

frequent exchange of information, internally and externally, has increased the potential risks

and threats to business – opening up online access to sensitive business critical systems,

networks and data. Data is increasingly mobile and problematic to secure as Cloud Application

Services and Mobile Computing become more prevalent. This mounting intensification of risk is

also coupled with heightening financial uncertainty and increasing pressure on budgets.

The challenge: To deliver more for less

All these factors mean that the current challenge to businesses and organisations is to achieve more, a lot more, for less. But cost cutting can be disruptive and risky; and neither is acceptable when considering the security of a business or organisation.

Steria’s industrialisation experience combines with security expertise to rise to the challenge – increasing security management and delivering demonstrable value for money.

The right balance at the right price. That’s the beauty of Steria: RightSecurity Services. The portfolio is the first end to end, outsourced security services offer to be available in an output-based business model. As such it provides a flexible, intelligent solution to modern day security headaches, based on reusability and industrialisation to reduce costs, as well as continuously improving the efficacy of security management. At Steria, we can get the balance right; too much security is unnecessarily costly and too little is risky to your infrastructure and reputation. RightSecurity Services are bespoke and ‘fit for purpose’, enabling businesses to take advantage of all the opportunities that come from interacting with business partners, customers, suppliers and the public – but with all the peace of mind that comes from tailored security. You simply choose the services that best suit your organisational needs and pay for them on a pay-per-use basis.

è www.steria.com02 | Steria - Managed Security Services

Page 3: Steria: Right security

Staying ahead of threats and detecting problems before they happen

Once the damage is done, detecting problems after the fact is futile. That’s why, to manage

security efficiently, potential incidents and risk areas must be identified and prevented before

they happen. Organisations need to employ effective Risk Governance to stay ahead of the

threats and potential incidents at all times.

Each organisation has its own particular security needs and perceived level of security protection. Factors determining these different needs include; industry type, geographic location, the political landscape, the degree and nature of malevolent activity, sensitivity and mobility of data, quality of internal systems, operational culture and effectiveness of existing security systems. Balancing the right level of protection with tangible best value is a challenge.

Risk Governance ensures effective:

• �Identification and assessment of risks – the nature of a potential hazard, the probability of an incident occurring and the Impact to the business or organisation of such an incident.

• �Management of risks – planning to prevent incidents, design, build and deployment of security systems and operational management and control.

• �Communication of risks – awareness and training; reports and dashboards.

Steria: RightSecurity Services | 03 è www.steria.com

Page 4: Steria: Right security

A new way of enabling businesses, a new way of purchasing IT security

Steria’s IPPCoR methodology for risk governance comprises:

• Risk Identification.

• Prevention Planning.

• Protection Deployment.

• Control and Management.

• Reporting, Measurement and Communication.

04 | Steria: RightSecurity Services è www.steria.com

The RightSecurity Services portfolio offers a radical new alternative to the way companies buy IT

security. Until now, choosing and implementing security measures has required a project-based

approach, often involving bespoke consulting and project management services. In tandem with

this service strategy, Steria’s RightSecurity Services provides another option by which, in effect,

security services can be bought ‘off the shelf’, and including an inherent toolset to enable clients

to monitor their real-time financial consumption against their security deliverables.

For companies that have retained security in-house, the challenge has been to build a sophisticated level of knowledge and assume additional risk when ‘betting’ on the accuracy of their assumptions and knowledge. By leveraging our own knowledge and experience, we have packaged our security management expertise and developed an associated core, expert methodology that provides protection for our clients, and guarantees prices and outcomes for each service.

This core methodology is called IPPCoR, which defines policies, processes and procedures and provides automated execution and governance. This enables businesses to consistently and effectively map some or all of the Steria: RightSecurity Services catalogue to protect their data, systems, network infrastructure and hard-earned reputation.

£

Page 5: Steria: Right security

Identity and Access Management

Web Application Security

Workplace Security

Application Security

Infrastructure Security

New Technology

Extended Enterprise Security

Cloud Security

Control and Management

SECURITY AND RISK GOVERNANCE

REPORTING AND MEASUREMENT

COMMUNICATION

Risk

Iden

tifica

tion Prevention Planning

Protection Deployment

Risk IdentificationIT Security Risk Management

Prevention PlanningPolicy and Standards Management

Security Strategy and Management Support

Business Continuity Management

Security Service Design

Data Classification and Regulation

Protection DeploymentSecurity Process Management

Security Service Build and Implementation

Security Contribution to IT Projects

Security Intelligence

Control and ManagementSecurity Audit

Compliance

Vulnerability Assessment

Vulnerability Intelligence

Log Management and Archiving

Security Incident and Event Management

Filtering and Firewall Management

Secure Communications (VPN)

Network Intrusion Detection and Prevention

(NIDS/NIPS)

Email Security

Web Security

Host Protection

Reporting, Measurement and CommunicationSecurity Awareness and Communication

RightSecurity Steering

Dashboard Management

*Managed Security Services

Steria: RightSecurity Services | 05 è www.steria.com

Page 6: Steria: Right security

IPPCoR – flexibility without sacrificing the quality of the deliverablesOur proven IPPCoR methodology is the mechanism by which Steria achieves the right balance

of security expertise with industrialised best practices, tool automation and robust re-use.

This allows businesses to measure the value of their security costs. Based on ISO 27001

and CISM principles, the methodology maps key security functions onto a framework. It

then deconstructs those functions into activities and modular services to deliver guaranteed

deliverables at fixed prices.

The welcome flexibility of IPPCoR allows proactive participation from businesses at all stages of the security lifecycle. As a client, you can start anywhere and go anywhere within the methodology. So, you can work in the way that best suits your own working practices – without sacrificing the quality of the deliverable – while protecting your investment in existing security systems, processes, procedures and artefacts. Its flexibility extends to enabling broader security requirements to be blended into a combination of project-based and consulting led engagements, in tandem with the RightSecurity Services catalogue.

In practice, Steria can act as a fully resourced in-house security department. Think of it as a sophisticated shopping basket – you choose the exact items you need which means you know exactly how much you’ll pay. This provides clear units of work and gives full visibility of security operations because every single item is bound to a resource unit.

IPPCoR provides a structured – yet flexible – approach to security:

• Effective risk governance.

• Full visibility and continuous improvement through effective reporting, measurement and communication.

• Effective and practical security management at an optimised cost.

• Continuous improvement.

06 | Steria - Managed Security Services è www.steria.com

Page 7: Steria: Right security

Steria: RightSecurity Services – getting the business benefits right

Steria: RightSecurity Services | 07 è www.steria.com

The RightSecurity Services portfolio provides foreseeable costs and delivers tangible value for

money. It is designed, implemented and managed like any other service, reducing the need for

major capital outlay and using predictable pay-per-use pricing – a certain cost in a very uncertain

world. This gives both capital expenditure and operating expenditure benefits. Utilising a core

methodology (IPPCoR), extensive delivery experience and leading technology partnerships, such

as RSA, RightSecurity Services:

• Enables secure interaction with partners, citizens, customers and suppliers.

• Provides predictable costs and demonstrable value for money linked to business outcomes.

• Offers pay-per-use pricing, cutting capital expenditure and improving financial management.

• Reduces reputational risk by avoiding negative incidents.

• Keeps organisations and businesses legal and compliant.

• Delivers ‘security-as-a-service’, which avoids capital outlay on costly management tools and applications.

• Provides reusable artefacts to support Steria clients, plus benchmarked best practice and a shared service delivery centre, which has an established Security Operations Centre (SOC) embedded.

Page 8: Steria: Right security

Why Steria can be trusted to deliver time after time

08 | Steria: RightSecurity Services è www.steria.com

With more than 40 years’ experience and recognised security know-how, we provide methodical

and comprehensive services based on best security practice and standards. As a leading

IT Service Integrator, providing a broad range of IT services, from infrastructure through to

applications and full BPO, we have a long track record in helping major organisations to improve

business processes without affecting their day-to-day operations. We don’t just manage

expectations – we aim to exceed them every time.

The ‘more for less’ conundrum

When the challenge for companies is to expand the scope of their security provision, yet the constant downward pressure on budgets means there is little in the way of additional investment to address that challenge, a new approach may be the answer. The Steria RightSecurity Portfolio gives true visibility and management of the true cost of security with pay-per-use services. These services have been industrialised using specialist, shared resources to optimise the cost of delivery and to maximise effectiveness; more cover for less than you might expect. Simple.

Page 9: Steria: Right security

Underpinning this service is an array of wide-ranging security expertise. This includes:

• Identity and Access Management.

• Application Security.

• Web Application Security.

• Infrastructure Security.

• Workplace Security.

• Cloud Security.

• Extended Enterprise Security.

• New Technologies.

Steria: RightSecurity Services | 09 è www.steria.com

Page 10: Steria: Right security

How does RightSecurity fit in with Steria’s broader Security Services portfolio?

More than 400 highly qualified information security professionals deliver our range of security

activities with extensive knowledge and experience of working with several security standards.

From high-end consulting to system build and run, our broad-ranging solutions cover diverse

security needs, including the provision of security for infrastructures, applications and data.

Leveraging these Security unique capabilities and in line with our flexible proposition, clients can choose to work in partnership with Steria via projects or by means of the RightSecurity Services portfolio. Service components in each model may be interchangeable; so clients might opt for a blend of delivery models across their security requirements – the introduction of pay-per-use services is designed to leverage Steria’s expertise to enhance the range of choices available to clients, where:

• In a service-based engagement, we’ll apply our IPPCoR methodology to make sure that services match clients’ policies as well as industry best practice. When the service conditions are in place, deliverables and price are then agreed and the services are instigated.

• In the case of fixed cost projects, outcomes are agreed with the client and a Statement of Work (SoW) is made. The methodology used is then agreed with clients from a number of industry standards.

10 | Steria: RightSecurity Services è www.steria.com

Page 11: Steria: Right security

è www.steria.com Steria: RightSecurity Services | 11

Achieve peace of mind, flexibility and cost savings with Steria: RightSecurity Services

Pay-per-use pricing reduces Capex and Opex and improves financial management. For more information about services, please refer to the RightSecurity Services catalogue.

The scope of service, the depth and breadth of delivery and pay-per-use pricing structure make RightSecurity a unique service offering. Steria offers a comprehensive audit and assessment and will recommend a transition roadmap to RightSecurity Services, if suitable.

Page 12: Steria: Right security

About Steria: www.steria.com

Steria delivers IT enabled business services which help organisations in the public and private sectors operate more efficiently and profitably. By combining an in depth understanding of our clients’ businesses with expertise in IT and business process outsourcing, we take on our clients’ challenges and develop innovative solutions to address them. Through our highly collaborative consulting style, we work with our clients to transform their business, enabling them to focus on what they do best. Our 20,000 people, working across 16 countries, support the systems, services and processes that make today’s world turn, touching the lives of millions around the globe each day.

Founded in 1969, Steria has offices in Europe, India, North Africa and SE Asia and a 2010 revenue of €1.69 billion. 20 percent of Steria’s capital is owned by its employees. Headquartered in Paris, Steria is listed on the Euronext Paris market.

43-45 Quai du President Roosevelt

F-92782 Issy-Les-Moulineaux cedex, France

Tel: +33 1 34 88 60 00 Fax: +33 1 34 88 69 69

For further information about our services visit www.steria.com

Steria GISL_SRSS01/March 2012

Steria is committed to supporting a sustainable world and is Certified Carbon Neutral for Flight and Fleet Travel


© Steria Steria and Corporate Responsibility (CR) Managing our business responsibly

© Steria Steria and Corporate Responsibility (CR) Managing our business responsibly

Documents
Intentions de vote IDF - Ipsos / Sopra Steria

Intentions de vote IDF - Ipsos / Sopra Steria

Government & Nonprofit
Steria & Issygrid (English)

Steria & Issygrid (English)

Technology
Effective Enterprise Java Johannes Brodwall Chief scientist, Steria Norway

Effective Enterprise Java Johannes Brodwall Chief scientist, Steria Norway

Documents
Steria Intern Report

Steria Intern Report

Documents
Effective Enterprise Java Johannes Brodwall Chief scientist, Steria Norway

Effective Enterprise Java Johannes Brodwall Chief scientist, Steria Norway

Documents
Steria: Workplace On Command

Steria: Workplace On Command

Technology
Steria : Transforming public services to achieve more for less-

Steria : Transforming public services to achieve more for less-

Business
Steria Corporate Responsibility

Steria Corporate Responsibility

Business
PowerPoint-Präsentation · a Sopra Steria company . it-economics 0 a Sopra Steria company . it-economics a Sapra Steria company TOP ARBEITGEBER MITTELSTAND BEST OF 201 S GREAT PLACE

PowerPoint-Präsentation · a Sopra Steria company . it-economics 0 a Sopra Steria company . it-economics a Sapra Steria company TOP ARBEITGEBER MITTELSTAND BEST OF 201 S GREAT PLACE

Documents
What are the five key principles - Sopra Steria UK

What are the five key principles - Sopra Steria UK

Documents
Steria : Smart cities will be enabled by smart IT

Steria : Smart cities will be enabled by smart IT

Technology
Steria: Systems and solutions for safer communities and borders

Steria: Systems and solutions for safer communities and borders

Business
SOPRA STERIA - 2019 Passing Out Batch (Only for Unplaced ... · SOPRA STERIA - 2019 Passing Out Batch (Only for Unplaced & Eligible Students) Company SOPRA STERIA Website Batch 2019

SOPRA STERIA - 2019 Passing Out Batch (Only for Unplaced ... · SOPRA STERIA - 2019 Passing Out Batch (Only for Unplaced & Eligible Students) Company SOPRA STERIA Website Batch 2019

Documents
Steria : Insurance expertise and technology leadership

Steria : Insurance expertise and technology leadership

Technology
HTML5 for Graduate Gathering in Steria

HTML5 for Graduate Gathering in Steria

Documents
Innovative city avec Sopra Steria

Innovative city avec Sopra Steria

Technology
Steria : Optimising efficiency in Healthcare

Steria : Optimising efficiency in Healthcare

Technology
2015 10 10 septembre sopra steria vdef

2015 10 10 septembre sopra steria vdef

Business
Steria corporate presentation - At the heart of digital transformation

Steria corporate presentation - At the heart of digital transformation

Technology
Steria : Managing information for success

Steria : Managing information for success

Business
The Sopra Steria Start-up accelerator programme · About Sopra Steria Sopra Steria is a European leader in digital transformation providing one of the most comprehensive portfolios

The Sopra Steria Start-up accelerator programme · About Sopra Steria Sopra Steria is a European leader in digital transformation providing one of the most comprehensive portfolios

Documents
Sopra Steria Transport solutions brochure

Sopra Steria Transport solutions brochure

Documents
Www.steria.co.uk © Steria Steria in Utilities We Go Beyond Copyright Steria 2010

Www.steria.co.uk © Steria Steria in Utilities We Go Beyond Copyright Steria 2010

Documents
Steria : Powering a low carbon economy

Steria : Powering a low carbon economy

Technology
Steria France implements France’s first energy

Steria France implements France’s first energy

Documents
Intentions de Vote NDPC Picardie - Ipsos Sopra Steria

Intentions de Vote NDPC Picardie - Ipsos Sopra Steria

Documents
Steria Case Study

Steria Case Study

Technology
Sopra steria referenderm_presentation

Sopra steria referenderm_presentation

Documents
We are Steria Recruitment . .

We are Steria Recruitment . .

Recruiting & HR