Case Studies

Privileged Access Management for insurance and hospitality companies

Nearly every major security breach involves compromised privileged account credentials and around 75% start with misuse of these accounts. DJM Consulting has managed the implementation of Privileged Access Management solutions for two global insurance companies and a FTSE100 hospitality company. In each case there were a number of common themes:

 

Third-Party Access: A need to securely provide access for third-party service organisations that support critical infrastructure and systems.

 

Audit: Recommendations from internal or external auditors to improve the security controls associated with privileged accounts.

 

Change of Culture: The need for a change in culture within support teams to ensure that privileged accounts are adequately protected.

 

In all of these projects, DJM Consulting evaluated and proposed solution options, procured the solution, and managed both the technical implementation and the implementation of new operating models for support and project personnel.

Identity and Access Management for Government and financial services companies

Identity and Access Management (IDAM) projects can deliver significant security improvements as well as operational efficiency gains. DJM Consulting has delivered IDAM solutions for a number of organisations, including government departments and financial services companies.


No two IDAM projects are the same, but they all impact multiple systems and departments across an organisation and are therefore typically both technically and politically complex.


DJM Consulting has been involved in every aspect of these projects, from developing strategies and roadmaps to implementing systems and processes.

Security Programme design and delivery for an insurance company

Whether it supports specific regulatory requirements (e.g. FCA, GDPR or PCI), reduces cyber security risk, or aims for a specific goal such as ISO27001 certification, a Security Programme needs to be built to address the following:

 

  • Regulatory or certification requirements.
  • Open Audit Points and recommendations.
  • Evolving threats and technologies that can counter these threats.

 

DJM Consulting designed and managed a security programme for a global insurance company that incorporated a number of work streams, including:

 

  • Remediation projects to address known security weaknesses and audit points.
  • Specific projects to meet PCI and GDPR compliance.
  • Continuous Security Training and Awareness.
  • Continuous Security Monitoring and Testing to assess the effectiveness of current solutions.
  • Projects to deploy new solutions or technologies, including DLP, SIEM, PAM, Vulnerability Management, IDAM, RBAC, NAC and the onboarding of an outsourced Security Operations Centre (SOC).