Enterprise Vulnerability Analysis - 2012, 2014, 2016 and 2018

Project Description

Covering over 15,000 active assets, inside and outside the 10 companies belonging to the group, this biennial recurring project mapped the real exposure of the environment and, in parallel, took a snapshot of IT/Security maturity across three main domains: processes, people and technology.

2012 - 1 TOE (Target of Evaluation): infrastructure assets only.
2014 - 5 TOEs: infrastructure, SAP (using Onapsis X1), databases (SQL Server and Oracle, in depth), connectivity (routers, switches and firewalls assessed against CIS benchmarks) and web application instances (partial pen-testing).
2016 - 3 TOEs: penetration test (against a critical application), Internet branding (reputation, news and critical tags) and phishing scam simulation (from the CIO down to interns).
2018 - Probably IGA/IdM/credentials for the 5 most critical systems: SAP, AD, Unix, DBs and telecom devices (web services, sockets and APIs in the 2nd wave).

This project, endorsed by the Holding, advised on and designed by the internal iSecTeam, and executed impartially and externally by a Big Four firm (selected by RFP), outlines how organizational Governance, Risk and regulatory Compliance needs inside ITO/BPO are addressed through a "Plan-Do-Check-Act" approach to a Vulnerability Management and Continual Service Improvement program.

Lessons Learned

Reduce complexity and the initial scope (to allow faster corrections and partial deliveries).

Highlights

  • Under budget
  • Received recognition / award
  • Support from colleagues

Difficulties

  • Large number of people impacted
  • Hard to meet schedule

Technologies Used

Technical Skills Used

  • Unix
  • Windows
  • SAP
  • Telecom Devices
  • Applications
  • Operational Systems

Technical Certifications Used

  • LPIC
  • MCSE
  • Security+

Awards

Project Recognition
  • Campinas (BR)