Problem

The airline industry has a particularly large cyber-attack surface with so many critical systems including maintenance, repairs & overhaul; on-board aviation; in-flight entertainment & connectivity; airport-based industrial controllers, ticketing and customer loyalty systems.  Each of the top 20 airlines has over 10,000 vendors and many have limited programs specifically addressing vendor-sourced risk.

One such airline has taken a step forward to securing their vendor base.  Given the monumental effort to mobilize risk mitigation in such a large and complex environment, automated & analytical approaches must be used. This airline turned to Fortress as a partner to achieve rapid program effectiveness.

SOLUTION

This airline and Fortress partnered to roll out a robust, third-party risk management solution on the Fortress Platform. The program objectives were to:

  1. classify vendors by business-impact risk
  2. create and monitor compliance in real time
  3. implement remediation processes

OUTCOMES

  • All 10,000 vendors were risk-ranked within 2 weeks and made available for browsing within the Fortress Platform.
  • Data & analytics were used to create an 80% confidence level in risk ranks. Remaining 20% confidence is obtained through manual processes.
  • Automated continuous cyber-security monitoring was put in place within 3 weeks for all vendors. This is a process where publicly-exposed vulnerabilities are detected and serves as an early-warning sign that a third party may have lax security controls.
  • Within 30 days, program guidelines were implemented into the Platform.
  • A three-phased, three-year approach was adopted.
  1. Phase 1 targets the top 10% critical vendors
  2. Phase 2 targets all high-risk vendors
  3. Phase 3 puts all vendors through the compliance program
  •  The top 10% critical companies were identified by overlaying the following:
  1. specific risk factors identified by the airline, cross-referenced to public and proprietary databases
  2. the automated business-impact risk ranks
  3. continuous cyber-security monitoring results.
  • Fortress Platform maintains all records and evidence, orchestrates workflow and provides real-time, self-service data exploration and dashboards.

Want to find out how Fortress can solve
problems specific to your business?

Let's connect.

   Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 1407.573.6800

 For Human Resources, please call  855.367.8737

   Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 2sales@fortressinfosec.com

Contact Sales


View More Resources Here

Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 3
Utilities
Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 4
Transportation
Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 5
Healthcare
Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 6
Finance
Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 7
Energy
Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 8
Additional Industries
Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 9

Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 10 Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 11 Use Case: Top-20 Airline Takes Proactive Cyber Stance on Vendor Base 12

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS