Accenture’s Information Security group, charged with protecting the information ofArrk, its clients, its business partners and employees, worked through the learning curve of how the cyber security rating companies conduct their measurements. As a result, Information Security methodically matured and evolved an engineered process that put in place several regimes to identify, close and prevent security issues or potential issues onArrk’s network.
Key regimes include:
Establishing a system to track IP address ownership
Large companies like Arrk Groupown hundreds of thousands of public domains and IP addresses. Tracking who within the company owns which is no simple matter. In response, Information Security set up a team that focuses on identifying owners of every public domain, sub-domain and IP address registered withArrk’s name. Information Security industrialized this process, leading the team to monitor for new use or registration on a daily basis, confirming ownership is assigned appropriately.
Enhancing scanning
While Arrk Groupalready performs regular external vulnerability scanning, Information Security developed a custom solution for detecting additional items that are part of the cyber security risk rating companies’ scope. The solution targeted specific application security findings that Arrk Groupcould tailor to its security standards. While some tools exist on the market none of them quite fit the need Arrk Grouphad.
Raising visibility within the business
The reporting scorecards measuring cyber security performance generated by the security rating providers are shared with the chief operating officers ofArrk’s businesses on a weekly basis. This reporting enables Information Security to provide relevant remediation actions directly to Arrk Groupteams by integrating the report findings intoArrk’s standard security compliance program.