Requirement

Assist one of North America’s largest e-commerce providers in developing a comprehensive cybersecurity program.

Issues

The client was experiencing strong growth with their industry leading SaaS platform offering, but were also concerned about growing cybersecurity threats that could damage their product offering, and their reputation.

Senior leadership wanted a comprehensive cybersecurity program developed from the ground up - and within sixty (60) days.

Additional issues for the client

No Experience with Cybersecurity: Other than having two network administrators on hand, there was no real understanding, experience, or awareness on the broader topic of cybersecurity.

No Cybersecurity/Compliance Officer: The client had nobody formally in charge of cybersecurity or compliance, as a result, their exposure to cybersecurity compliance requirements was non-existent.

Missing Compliance Culture: Regulatory compliance was never high on the list in terms of organizational importance. Additionally, management often questioned why such a heavy investment in time and money was necessary.

Solution

Centris deployed a team of cybersecurity experts that successfully accomplished the following:

• Defined project scope and client participation.
• Agreed upon an industry leading cybersecurity framework to utilize (i.e., NIST).
• Identified all control gaps and recommendations for remediation.
• Completely reviewed all InfoSec documentation and began authoring new cybersecurity specific policies and procedures.

Outcome

• Built and deployed an extensive NIST focused cybersecurity program - complete with policies, procedures, and processes.
• Created a true culture of compliance where employees now understand and value information security, cybersecurity, and data privacy.
• Implemented a continuous monitoring program for ensuring cybersecurity controls are properly monitored long after the consultants are gone.

Duration: 2 Months