BUILDING A STRONG SECURITY FOUNDATION: A Nordic Telecom’s Journey towards an Effective 3-Year Security Strategy

SITUATION

A Nordic Telecom Operator had over a period of two years ramped up their headcounts within the security organization. The tasks for the local security team mainly consisted of resolving daily issues that where urgent and hence the team did not have the long term and strategic perspective ensuring that our customer was moving in the right direction and focusing on what security risks mattered the most. LEVEL7 was hired to help drive the definition of a 3-year security strategy, beginning with mapping of the existing practices and helping with prioritizing the activities needed to be maintained in addition to activities needed to be replaced.

WHAT LEVEL7
DID

By applying the NIST framework, LEVEL7 developed a unique methodology to assess the maturity levels and practice capabilities within different departments of the operator to capture as-is and to help drive organizational change needed to increase the levels of maturity within select security domains needed to achieve the defined 3-year strategy.

RESULTS

By applying the NIST framework, LEVEL7 developed a unique methodology to assess the maturity levels and practice capabilities within different departments of the operator to capture as-is and to help drive organizational change needed to increase the levels of maturity within select security domains needed to achieve the defined 3-year strategy.

Conducting interviews with stakeholders ranging from CEO to technical specialist across 3 markets and 10 departments

• Security capability mapping across the different departments
• Assisting in developing the security mission and vision
• Driving the definition of the overall security strategy and the strategic focus areas
• Development of KPIs and KRIs needed to review the strategy