The cyber security baseline is an evidence-based assessment to standardise security controls across multiple domains aligned with the Vodafone and cyber security strategies. Cyber Group Entity must lead by example and resolve many critical issues within a limited time to maintain and improve the security and risk posture. While we implemented Cloud services brokerage (CSB) a few years back, it has limitations and needs improvement.
Challenges and Solutions
Challenges
The Cyber CSB team noted deficient configuration management database (CMDB) and unified access management (UAM) systems with control gaps. The time and cost to develop an approved system were very high. The issues stemmed from a complex and dynamic CSB framework with limited enterprise architecture framework alignment, and from a complicated operating and network environment with legacies, multiple inter-dependencies, and no CMDB. Compliance purposes, asks, requirements, and timelines were unclear, and the guidance needed at different levels of the organisation was missing.
Solutions
As a resolution, the CSB team opted for a multi-path plan to help resolve the complex challenges faced within the organisation. We leveraged our existing tools and automation to develop our integrated asset inventory. We automated the UAM system with flows for verification, approval, and validation, reducing our regular manual assessments to less than 10% of the original effort required. We provided training and guidance so that the ground-level teams could implement efficient controls.

We are an active member of the Cyber Policy and Risk Councils, and we help review and update policies at creation/review for easy implementation. During implementation, review, and internal audit exercises, we explained controls and policies to the management and all working groups with more granular requirements, and showed how they address risk. We enabled a systematic approach to present accurate risks and coordinated mitigation actions. We provided advice and became a CoE for compliance with internal and external audit and regulatory requirements.

The Cyber CSB team enabled and implemented security controls with robust processes, reducing cyber risk significantly for the organisation and our customers. Due to the pre-emptive approach used by the Cyber CSB team, we established a cyber entity as a leader and established controls to set an example for other markets and entities. We implemented the hardening control (combined IT, Network, and Cloud) and were the first Group entity to cross the CSB milestone set for March 2023, doing so in Aug 2022 by achieving a 4.03 overall average score and being assessed as compliant on 42 of the 42 controls targeted for the year.
Value and Impact
Ensured compliance with regulatory requirements.
Led several markets and entities to subscribe to group security services to achieve their control targets.
Enabled SharePoint to store the current data to save time and effort.
Set up the received data for validation so that it is reusable for different uses.
Enabled transparent and visible processes.
Enabled implementation, successful audit assessment, and assurance for all applicable super controls.
Network Compliance (VCI_IN Network) - IT Operations
At VOIS, we always establish robust firewall rules and network security that prevent unauthorised access to our network. We inspect incoming and outgoing traffic using security rules to identify and block threats.
Intelligent Ticket Routing - IT Platforms and Automation
We created the Intelligent ticket routing tool for Vodafone Germany and VOIS Egypt to eliminate the complex manual work of our colleagues in the GSL Business Technology team with a zero-touch operation to save their valuable time and effort.
Our Incident Management teams partnered with Vodafone Germany and built a database-to-database connection as a web-based application for fast, automated dispatching techniques, eliminating manual operations where there were delays. Our Intelligent Dispatching (DB) tool is connected to remedy any issues through Amazon Web Services (AWS) data migration services to get all relevant tickets and then pass those tickets to our logic and dispatching algorithm.