We changed our name from IT Central Station: Here's why

Enterprise Vulnerability Analysis - 2012, 2014, 2016 and 2018

Jairo Willian Pereira
Jairo Willian Pereira
Information Security Manager at a financial services firm with 5,001-10,000 employees

Project Description

Enterprise Vulnerability Analysis - 2012, 2014, 2016 & 2018

Over 15.000 active assets out|inside 10 companies belonging to the group, the biennium recurrent project mapped the real situation, in paralel with a photography of IT/Security maturity through three main domains: processes, people and technology.

2012 - 1 TOE (Target of Evaluation): Infrastructure assets only
2014 - 5 TOEs: Infrastructure, SAP (using Onapsis X1), Databases (SQL and Oracle in deep), Connectivity (Routers, Switches and Firewalls against/based CIS) and Web Application instances (partial pen-testing).
2016 - 3 TOEs: Penetration Test (against critical application), Internet Branding (Reputation, News & Critical Tags) and Phishing Scam (from CIO to interns).
2018 - Probably IGA/IdM/Credentials for the 5 most critical systems: SAP, AD, Unix, DBs and Telecom devices (webservices, sockets and APIs in the 2nd-Wave).

This project, endossed by Holding, assessored/designed by internal iSecTeam and executed impartially and externally by some Big4 (one by RFP), outlines how organizational Governance, Risk and regulatory Compliance inside ITO/BPO needs will be addressed through a "Plan-Do-Check-Act" approach to a Vulnerability and Continual Service Improvement Mgmt Program.

Lessons Learned

It would reduce complexity and the initial scope (for faster corrections and partial deliveries).

Highlights

Under budget
Received recognition / award
Support from colleagues

Difficulties

Large no. of people impacted
Hard to meet schedule

Products Used

Technical Skills Used

  • Unix
  • Windows
  • SAP
  • Telecom Devices
  • Applications
  • Operational Systems

Technical Certifications

  • LPIC
  • MCSE
  • Security+

Awards

  • Project Recognition
  • Campinas (BR)-22.9056-47.0608