Today's enterprises face a near-existential challenge. As cyberattack frequencies continue to escalate globally, many companies and organizations struggle to manage and protect critical systems with legacy infrastructure. This is compounded by the reality that so many security projects fail to deliver value on budget, on time or at all. The unique Fujitsu approach to security professional services recognizes that organizational culture, people and personalities are just as important as technology in a successful and valuable cyber security program.
Fujitsu Security Professional Services are tailored engagements that provide independent expertise and advice designed to meet our customers’ specific requirements, helping to address business and operational security needs. The precise approach and duration will vary depending on customer requirements. We believe in a collaborative approach involving workshops, checkpoint meetings and joint development of deliverables, which are discussed and agreed at the outset of the engagement. Professional services engagements are underpinned by proven Fujitsu methodologies, such as our industry-recognized Macroscope®.
Fujitsu Security Consultants have a broad range of skills and experience including CISSP (from ISC2), CISA (from ISACA), CCSK (from CSA) and CBSE (from Biocertification). They also regularly participate in standards definition bodies such as OASIS, ISO and NIST.
The following are examples of the types of engagement available:
- Security Strategy: A good security strategy is aligned with the wider business strategy and desired outcomes. The Security Strategy engagement will identify what the business objectives are regarding security (for example achieving ISO27001 certification, meeting current best practice levels, identifying future relevant security trends etc.) and will assess the customer’s security requirements. The output of the work will provide the customer with a coherent roadmap, showing how to enhance their current security strategy to enable the commensurate level of security that will meet their specific business needs.
- Enterprise Security: IT infrastructures host complex enterprise-wide applications, including HR systems, intranets, service desks, email and instant messaging. They increasingly allow access to social media to fulfil valid business objectives. However, the existence of such powerful user-orientated tools has security implications. These can include the overriding of existing access controls, elevation of user privilege and the introduction of exploitable vulnerabilities. An Enterprise Security service engagement delivers an assessment of the organization’s overall security footprint, identifies risks and specific vulnerabilities and provides advice and guidance to mitigate vulnerabilities and reduce the risks to an acceptable level.
- Cloud Security: As more and more customers move to the convenience and cost effectiveness of cloud-based solutions, the security of customers’ data can be affected. It is important to understand and plan for the security implications of a move to cloud-based services. These will include data confidentiality, integrity and availability, along with service availability and business continuity. The Cloud Security service engagement will provide advice on the specific risks and provide mitigations to ensure a move to the cloud does not introduce an unacceptable level of risk, as well as supporting the secure transition to the use of cloud services.
- Risk and Compliance: Organizations must meet increasing demands for compliance with legislation and standards. Standards include ISO27001 (Information Security Management), PCI DSS (Payment Card Industry Data Security Standard) and SOC2, as well as numerous federal financial standards. The output of the Risk and Compliance service can include an assessment of the organization’s need to comply with standards, an approach to ensure regulatory compliance with both legislation and standards, and solutions that will implement suitable changes to the existing infrastructure, ensuring conformance.
- Architecture, Design and Deployment Services: Organizations must ensure that they have proportionate security controls in place to be successful in today’s business world; however, by definition, a presence on the Internet will expose a customer to a wide range of threats, with new ones emerging daily. The risk of these threats being successfully executed can be reduced to an acceptable level by having an effective security architecture as well as expert design, implementation and management of security enforcing capabilities. To enable our customers to achieve this, Fujitsu can:
  - Provide security architecture and design expertise to supplement existing capabilities as well as providing assurance of the deployed security controls.
  - Provide architecture, design and deployment professional services to build, install, test and integrate a wide range of security enforcing technologies into the overall security and service framework within the enterprise.