As the complexity and frequency of cyber threats increase, and given the significant damage they have inflicted on organisations and industry, it is no longer possible to treat cyber security as purely a technology problem. Without a change of approach, the current reactive response to cyber security is likely to persist, leading to poor investment and continuous post-incident response.
In the current operating environment, businesses are falling victim to internal and external actors who cause serious interruption and damage, which is proving expensive to rectify and, in some cases, fatal to the business.
At Cathara Consulting, we work with organisations and their boards of directors to evolve their understanding of how cyber security becomes essential to business success and an assurance of business continuance. Using our global best-practice framework, we work at board and senior executive level to educate and to facilitate the relationship between business strategy and the management of cyber security risk.
We help organisations become proactive by drawing a clear line from their strategic goals and core business attributes to an understanding of how these enable their business operating model. We then establish a prioritised roadmap, based on value and risk, to ensure that cyber security enables the core business and becomes an essential element in the successful execution of the business strategy. Technology is then the last item to address.
Major online gaming company
Regulatory Compliance Project
Cathara Consulting was engaged by a major online gaming company to design and implement an Information Governance environment and corresponding Information Security controls to ensure compliance with stringent national and international legislation.
The online gaming environment presented an interesting challenge: in-house, leading-edge development and support of core cloud-based products with 24/7 uptime, complemented by customer services spread across the globe that have to adhere to a plethora of information security and privacy regulations.
This fast-growing company urgently required a set of complementary competencies to obtain a legally sound position in the event of a legal challenge to its gaming, financial, information security and data privacy capability.
The engagement commenced with an analysis of the various pieces of legislation and regulation to understand the nature of their clauses and conditions. Taking the most stringent version of each requirement, a list of documentation, tools, activities and supporting technology was then compiled to enable the organisation to reach a defensible level of compliance.
Policies, procedures and standards were developed, checked against the requirements and discussed with key business and technology stakeholders. For an easy overview of the various documents, a taxonomy was created indicating the purpose of each policy, procedure and standard and how they related to one another. They were categorised under Information Governance, Information Security, People, and Support & Services.
As governance documentation and processes were finalised, implementation plans were developed to ensure effective embedding within the organisation. This included training and awareness sessions and international video-conference inductions. At the same time, the supporting technology solutions were evaluated against architectural considerations and selected, and procurement processes were initiated.
All these activities were managed against time and budget in close cooperation with the owner of the initiative, the Chief Technology Officer (CTO). This ensured that any obstacles to success could be overcome and compliance deadlines were met. Meanwhile, domain knowledge was available to answer any questions, both from within the organisation and from external compliance bodies.
All policies, processes and standards, while tailored to fit the organisation, conformed to the ISO 27001 information security standard.
The Information Governance and Security environment, as designed and implemented, was strategically based on the components People, Process, Information and Technology and adhered to the principles of Confidentiality, Integrity and Availability (CIA).
It successfully withstood a stringent audit by the Malta Gaming Authority (MGA) and was compliant with the data privacy legislation laid down by the General Data Protection Regulation (GDPR), the Australian Privacy Act and its privacy principles, and the Notifiable Data Breach Scheme.
Executive praise was received for the way in which the environment was implemented, laying the foundation for a fully fledged Information Security Management System (ISMS) while remaining aligned with company values and culture.
“The trust and confidence that Cathara’s staff have for them, their regular contact, and making themselves readily accessible, results in their maintaining a close knowledge and awareness of project and account activities”