Going Above & Beyond in the Transportation Industry


Cyber Security Review (CSR) Case Study

30 June 2022

Case Study: At a Glance

Challenges:

  • Preparing to go public
  • New CISO
  • New Information Security team
  • Cloud-based infrastructure
  • Presentation to the Board of Directors

Results:

  • Initial assessment: 1.26
  • Benchmark score for top SaaS companies: 3.53
  • Presented maturity scores and recommendations
  • Board provided funding to improve security posture
  • Improved maturity score: 2.17

Services Rendered:

  • Cyber Security Review (CSR)

Situation

The client, a transportation company, is a leader in leveraging technology to meet customer needs. The Chief Information Security Officer (CISO) was new at the time and was establishing a new Information Security team while preparing for the company to go public. The CISO's goal was to grow the company beyond the transportation industry and benchmark the company against leading SaaS companies.

The client worked with NCC Group experts to understand its security posture and how it led to its goal.

  • Working with a new CISO and a new Information Security team
  • Preparing for the cloud-based infrastructure, where partners used its services for customers
  • Assessment findings and recommendations were to be presented directly to the Board of Directors

Task

The client engaged NCC Group to conduct Cyber Security Reviews (CSR) of their environment, which included a threat modeling exercise followed by a National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)-driven controls maturity assessment. The initial engagement expanded into similar assessments for the company's acquisitions. Annual follow-ups were established to track improvements in security posture and updated recommendations.

Action

NCC Group worked with the client's technology and security leadership to conduct a collaborative CSR. The assessment was performed through the dual lens of transportation and SaaS while strategizing a roadmap that could deliver measurable improvements in the year before the client went public.

  • Established business context of regional and global vision, culture, risk appetite, and resource constraints
  • Performed business-focused threat modeling to identify relevant threat actors and attack vectors targeting critical business applications
  • Performed NIST CSF-driven maturity-based controls assessment
  • Defined current state of security measures and identified gaps
  • Presented a detailed report with recommendations to the Board of Directors

Results

  • The client was initially assessed at a cybersecurity maturity score of 1.26
  • The benchmark score for top SaaS companies was 3.53
  • Maturity scores and recommendations were presented to the Board of Directors
  • The Board agreed with the suggestions and provided funding for several initiatives to improve the organization's security posture
  • The client was reassessed at an improved maturity score of 2.17 after successful implementation of NCC Group recommendations
