Advisory

Cybersecurity

Transform your existing information security into an agile and vigilant operation to protect your enterprise and minimize your risk of loss.

TopBar cyber security lock BottomBar
Top Story

AI-based Cybersecurity Policy Review

According to the Cloud Security Alliance Report on third-party risk, 57% of respondents have experienced a breach or attack via third parties. 39% identified business partners, subcontractors or IT service providers as responsible for the incident. This is because organizations have lax cybersecurity policies which are individually interpreted from leading standards. Comparing policies and procedures – whether within corporations, in M&A situations, or to align with service providers – takes several months and requires a six- to seven-figure budget.

To solve this problem, ISG developed ISG Security Policy and Procedure Review Tool, an AI-based approach that semantically compares masses of text information, reducing reading time and improving the quality of comparisons. The tool can save up to 70% of manual work in a single project and up to 90% in repetitive comparisons.

Learn More

Cybersecurity Solutions & Strategy

ISG understands the complexity of your organization and its partner ecosystem – which is why we take a holistic approach to bolstering your cybersecurity now and in the future.

ISG can help you:

  • Assess and benchmark security across your enterprise and ecosystem
  • Create a cybersecurity strategy and actionable roadmap
  • Find and negotiate successful relationships with domain-specific security providers
  • Maximize third-party management and governance to ensure provider security, segregation of duties and compliance
  • Reduce human-factor cybersecurity risks through psychology-based Security Awareness Education
  • Perform vulnerability assessments and remediation activities
  • Establish a cybersecurity center of excellence and security communities of practice
  • Enable transformation with a cybersecurity operations and management model

Cybersecurity Strategy & Assessments

In an increasingly connected economy, the importance of cyber security and risk management rises. You need to validate, re-orient and re-align your cybersecurity strategy.  

Assess your capabilities and maturity with an ISG assessment built off of industry-leading frameworks (e.g., NIST CSF, CIS Top 20, ISO) and market-leading benchmark data. We’ll help you baseline your maturity levels and develop transformational roadmaps to move up the maturity curve.

Sourcing Cybersecurity

Outsourcing cybersecurity tools and services on a stand-alone basis or as embedded services can be essential in times of scarce resources and increasing professional and advanced persistent threats. 

When sourcing operational services, your chosen partner’s compliance with your corporate information security controls, policies and standards impacts your cyber security’s resilience. Managing your transaction and transition means carefully segregating duties between your organization, your partner and its internal governance.

Transform your Cybersecurity with Digital Operations

Re-directed strategy, digitization approaches and sourcing of services and tools let you achieve the expected value leveraging holistically managed transformation measures. Digital tools and services improve efficiency and lower failure rates. End-to-end business processes and connected or digital products require extra-vigilant security protocols. 

ISG knows the market best practices. We’ll enable your successful digital transformation with a cyber security operations and management model. 

 

Cybersecurity Compliance

Compliance with cybersecurity regulations is vital for safeguarding sensitive information, protecting against cyber threats and maintaining trust with customers. ISG Compliance Assessments evaluate organizational maturity, propose improvement measures and offer implementation support for closing gaps against regulatory requirements and industry best practices such as GDPR, CCPA, NIS2, DORA, ISO 27001, NIST and others. Let us guide you towards seamless compliance and risk mitigation.

Check out our NIS2 compliance evaluation tool to assess your preparedness quickly.

German Version>   English Version>   French Version>

Client Stories

User and Entity Behavior Analytics Anomaly Detection At Scale

Oct 27, 2022, 17:08 PM
ISG helps a multinational insurance company achieve anomaly-based risk detection using user and entity behavior analytics (UEBA) technology.
Title : User and Entity Behavior Analytics Anomaly Detection At Scale
Alternate title :

The Cyber Defense Center (CDC) of a large insurance company was interested in a user and entity behavior analytics (UEBA) solution. Its goal was to build a new capability to detect insider threats. It also wanted to be able to perform anomaly detection at scale.

The insurance company brought in ISG to lead a proof of concept and enable management of a central UEBA strategy decision. Ultimately, this resulted in the company deciding that their upcoming security information and event management (SIEM) request for proposals process should include UEBA in the same contract.

First, ISG helped to align stakeholders on how to measure return on investment (ROI) in this space. One of the main indicators of ROI within the cybersecurity domain is the measured risk that any particular investment (tool or technology) mitigates.

Compared to most security tools that only create value after finetuning has been done, a UEBA solution utilizing machine learning is always continuously learning the behavior of users and assets within its environment. This means that the better the baseline of the solution is, the fewer false positive alerts it has.

In order to provide the company with a structure for making the management decision regarding a central UEBA strategy, ISG led the following activities:

  • We defined, aligned and documented the company’s requirements for a UEBA solution based on key CDC stakeholder input.
  • Then, ISG presented on and aligned the CDC requirements to ISO standards, the data protection officer (DPO) and the workers’ council department to define and document potential limitations.
  • We conducted a proof of value with a vendor. Finally, we helped the company evaluate results to enable the management decision on a central UEBA strategy.
Categories :
  • Cybersecurity
  • Insurance
Article flags :
Cybersecurity-Behavior-Analytics
    Load more comments
    Featured Event

    Future Workplace Summit (New York)

    Discover the tech, strategy and cultural shifts to optimize your workforce & get ready for what’s next.

    Learn more

    Meet our team

    Contact the ISG Cybersecurity Team