Click here for
RELATED SERVICES

 Prevent Case Study.pdf

PREVENT: CASE STUDY


CLIENT GOALS

  • Stymie flow of proprietary information traveling outside the organization
  • Develop user-friendly and flexible security infrastructure to reduce future breaches
  • Train all employees to utilize customized security procedures

SITUATION OVERVIEW

A global sports equipment manufacturer was experiencing costly human-borne security infringements specifically due to:
  • Malicious activities performed by disgruntled and unethical employees
  • Inadvertent error by untrained personnel

Incidents included unauthorized dissemination of confidential salary, internal financial, and core proprietary information; introduction of viruses, Trojans, and worms into the network environment; laptop theft; proliferation of social engineering attacks, and suboptimal management of user account passwords.

With management change, employee turnover, and corporate acquisitions, there were no established integrated security procedures, training, or cultural awareness to ensure safe and efficient business operations.

Cost of exposure estimated at $2.8 million during 2-year period prior to engaging Eclipsecurity.

ECLIPSECURITY SOLUTION

Determining that the organization suffered from a broad-based, cross-functional and cross-hierarchical lack of security awareness, Eclipsecurity Chicago office designed, developed, and executed a customized Information Security Awareness and Training Program (ISATP). The customized enterprise-class ISATP involved executive level through line personnel of the following functions: General Management, Operations/Logistics, Manufacturing, Finance, Marketing/Sales, Customer Service, Human Resources, Information Technology, and Application/Systems. Training topics included:
  • Utilizing network vulnerability scanning and assessment best practices
  • Mapping and optimizing information flow within and beyond the organization
  • Preempting attacks by disgruntled employees
  • Preventing exposure to malicious software
  • Implementing Windows Server 2003 security
  • Fulfilling data privacy regulations
  • Foiling social engineering attempts and phishing attacks
  • Responding effectively to intrusions and security breaches
  • Enacting and enforcing established corporate security policies
  • Employing security configuration, patch management, and general server hardening practices

RESULTS

A team of Eclipsecurity consultants, in collaboration with the client, radically transformed the organization into a security-aware and insulated enterprise.

Additionally, the manufacturing executives signaled their commitment to information security by having Eclipsecurity train all employees on how to easily and continually conduct business safely.

  • With Eclipsecurity now as its full-service information security consulting preferred partner, the manufacturer has experienced an 85% reduction in human-borne security incidents.
  • Information security as the company's new core competency is leveraged across the organization to attract and qualify the best employees, business partners, and customers.
  • Eclipsecurity now services the client's most strategic and largest business partners and customers to ensure both upstream and downstream secure information flow.
 

RELATED SERVICES

   Prevent Service Menu
   Prevent: Security Training

BACK TO TOP