Problem

A large Oil & Gas company had concerns about maintaining supply chain risk resilience and managing cyber security risks across its increasingly complex third-party network. As cybercriminal groups targeting the industry is on the rise, this is a very real issue. The company lacked an effective supplier onboarding process, and therefore had no clear understanding of its suppliers’ inherent risk. Key risks identified included:

  • Failure to properly assess and understand the risks and direct and indirect costs involved in third-party relationships
  • Failure to perform adequate due diligence and ongoing monitoring of third-party relationships
  • Entering into contracts without assessing the adequacy of a third party’s risk management practices

The company’s Board decided it would need to retain consultants to design, implement, and execute a more robust third-party risk management program using a variety of technologies and subject matter expert resources.

SOLUTION

Fortress deployed its advisory team to build upon and enhance the company’s risk management program while Fortress’ delivery team incorporated their technology and managed services to execute the program. Using its Data-Driven Risk Rank methodology and technology, Fortress classified the inherent risk of the company’s vendor population, then delivered comprehensive Security Risk Assessments on a subset of the most critical and high-risk suppliers. Fortress provided expert managed services, collecting, assessing, and reporting the risk management program through automated and orchestrated channels, giving the board full transparency and guidance throughout the process. Continuous monitoring, threat intelligence, and dashboards provided visibility to help mature the capabilities of the company’s cyber risk management program.

OUTCOMES

  • Built process for identifying cyber risk and resilience within the company’s complex supply chain, protecting both upstream and downstream.
  • Dedicated, highly qualified team of subject matter experts in place quickly, with ability to understand company’s supply chain risk starting on Day 1.
  • Flexible capacity planning model to mature the company’s cyber resiliency program.
  • Full transparency dashboards to benchmark and communicate program health and remediation obstacles to stakeholders. The dashboards were enabled by the Fortress Platform.

Want to find out how Fortress can solve
problems specific to your business?

Let's connect.

   Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 1407.573.6800

 For Human Resources, please call  855.367.8737

   Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 2sales@fortressinfosec.com

Contact Sales


View More Resources Here

Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 3
Utilities
Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 4
Transportation
Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 5
Healthcare
Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 6
Finance
Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 7
Energy
Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 8
Additional Industries
Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 9

Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 10 Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 11 Use Case: Leading Exploration Player Keeps the Drills Running by Avoiding Cyber Attack 12

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS