COVER STORY
• Intelligence: Making security
less intrusive, more efficient and
empowering business, especially in
Digital Transformation
• Resilience: Cyberattacks are ever
more common, so the resulting
security incidents must be handled
by the organisation to ensure the
business continues to deliver
despite adverse cyber events
Utilising BitSight Security Ratings
EDP was introduced to BitSight through
its threat intelligence company. The
BitSight Security Ratings platform
provided the necessary external view of
its networks that EDP required. Issuing
daily ratings that are akin to a credit
score for security, BitSight Security
Performance Management helped EDP
take a risk-based and outcome-driven
approach to managing its performance.
This included broad measurement
tools, continuous monitoring and
forecasting. EDP as an organisation
values sustainability as one of its
biggest corporate objectives, and
ensuring cyber-resilience to protect
customers and employees is a big
part of this. The Security Performance
Management tool enabled it to achieve
this and reduce its cyber-risk.
EDP’s adoption of a metric based on
the BitSight Security Rating helped
define the group’s KPI around its overall
security performance. The specific
metrics included checking aspects such
as the security of its own website, access to
its networks from dangerous locations or
communications coming from machines
infected by criminal networks. The EDP
group has achieved the proposed rating
objectives for 2018 and 2019.
Fast and efficient
information security
EDP’s dedicated global Cybersecurity
Incident Response Team (CSIRT) works
24 hours a day and participates in
national and international cybersecurity
exercises. The company tests its reaction
to occurrences of disruptive events,
driving awareness and training among
employees. This is where EDP saw
value in its Security Performance
Management tools, not only as a reporting
tool for its own security posture,
but also as a way to communicate credibly to
stakeholders and the market. This added
value to the organisation’s objectives
around sustainability.
Internal assessment
The CSIRT team utilises BitSight for
Security Performance Management to
monitor and receive real-time infection
alerts to help work on fast remediation
within its own network. CSIRT also
works closely with the BitSight team to
ensure all relevant information, such as
details of all risk vectors, is shared and
continuous behaviours are monitored.
Benchmarking
BitSight’s consistent and transparent
rating system on all companies is an
important feature that allows EDP to
compare its performance to industry
peers and identify wider security issues.
The platform provides intelligence on
compromised systems, security diligence
and user behaviour risks that affect EDP
and its industry peers. This provides
EDP with the ability to see which
infections are targeting peer companies
for insight into industry-specific threats,
as well as understand security diligence
standards across its industry.
Another value to EDP is communicating
key indicators to the board and
demonstrating improvement over time as a
result of the remediation activities guided
by its security rating performance.
Executive reporting
EDP’s Sustainability Report provides
the main trends in each of its sectors,
the strategy adopted and the results
Issue 21 | www.intelligentciso.com