Analysis of key risk areas and current best practice for core digital systems.

Faced with increasing legislative requirements and a complicated IT service hit by sophisticated Cyber Security and Privacy threats, Generali asked us to help them understand the key risk areas and current best practice for their core digital systems.

Although they were required to undergo frequent audits at an enterprise level, these audits tended to look at general controls or topics, and Generali identified the lack of review of the end-to-end processes for six core business systems.

They recognised the importance of engaging a specialist independent organisation to conduct this review and provide the validation of risk level required to ensure full transparency for their customers and satisfy regulatory bodies.

“The specialist expertise and skills presented by the Leading Resolutions team enabled us to cut through what was a highly complex and challenging piece of work. With high expectations and visibility from our board, they delivered speed and accuracy that we would never have been able to achieve ourselves.”

Given the sensitive nature of the data being managed within Generali’s core systems, we recommended an approach based on the NIST Cyber Security Framework (CSF). This would provide Generali with consistent output across all systems with regards to cyber security risk management and opportunities for improvement. In addition, we reviewed each system’s compliance with GDPR to ensure there were no areas of concern.

We undertook a three-step approach based around the NIST Cyber Security Framework: core system documentation review, site visits to look at the systems and assessment of the contractual positions.  We also conducted a cradle-to-grave view for one business critical system.

The Solution

We documented the assessment findings too and delivered a core application review report for discussion with the Board.  ​The report provided a high-level overview of the risks identified and led to the approval of a number of cybersecurity and governance initiatives. It also informed Generali of any systems that required a more detailed assessment and analysis.

Mapped risks to NIST Cyber Security Framework to create a core application risk register​

Approved cybersecurity initiatives: adoption of a standard software development life cycle (SDLC), introduction of a security incident & event management system, Vendor Manager and Security Officer recruitment and enhanced governance measures​