Protiviti helps transform data security cost center into a service operation with a significant revenue potentialSecurity Operations Center Telecommunications

Client Challenge

An information technology (IT) security monitoring solution Protiviti created for a clients internal purposes showed promise as a licensed third-party service. The client, a major telecommunications provider in the Asia-Pacific region, faced the challenge of building out and monetizing the technology, which was still untested internally and for which it needed to assemble a client base.

P O W E R F U L I N S I G H T SProtivitis Security Intelligence and Operations Services practice was engaged to develop a plan for ensuring that the security monitoring service functioned properly internally, with sufficient surplus capacity to serve external customers.Our services included:

Defining the security monitoring service, its operation, and key responsibilities for the service, to provide the client with a clear understanding of the product it would be marketing to potential customers.

Creating a rollout plan for the new service, focusing on these key issues/concerns: Design and Implementation Determining risks and requirements; developing a roadmap to

achieving objectives; assisting with the design and implementation of technology solutions. Technology Optimization Helping our client to understand and derive best value from tech-

nology configuration and reporting capabilities; assessing capabilities to determine adequacy for the intended purpose.

Effectiveness Testing Conducting maturity assessments to determine effectiveness of security protocols; developing recommendations to address gaps; conducting assurance reviews at third-party providers to assess the design and operating effectiveness of monitoring and response.

Asset Logging Strategy Ensuring that the system design can accommodate the security needs of future assets, not just those logged at deployment.

Event Management Providing ongoing assistance with baseline tuning, anomaly detection, statis-tical analysis and reporting.

Training Assisting our client with staffing, training and best practices to support the rollout and ongoing maturity of the security operations, with the goal of ensuring a sustainable security environment for the organization.

Ensuring maximum flexibility in the technology that supports the new service to accommodate as many customer customization requests as possible with no need for additional redevelopment efforts.

2014 Protiviti Inc. An Equal Opportunity Employer M/F/D/V. PRO-PKIC-0514-150Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

ContactsMichael Walter+1.303.898.9145 michael.walter@protiviti.com

John Rouffas+44.20.7930.8808john.rouffas@protiviti.co.uk

About Protiviti

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000 and FORTUNE Global 500 companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

P R O V E N D E L I V E R Y

Protiviti was originally retained to assist in correcting what the client considered to be an internal technology problem. Our client had been prepared to spend several hundred million dollars with no expectation of financial return on investment. Our Protiviti engagement team not only identified the organizational and systemic causes for the technology failure, but helped turn a cost center into a profit center. This was accomplished by:

Designing a robust, sustainable security solution with enough surplus capacity that enabled the client to begin selling data security services at a profit

Providing a complete architecture review and use case assessment and recommending ways the client could engineer its SOC environment to benefit more effectively from the redesign of its Security Information and Event Management (SIEM) processes and deployment

Providing guidance and expertise to boost the clients triage and forensic capabilities, and training key staff on using the tools more effectively

Identifying companies in our clients customer base that would be candidates for conversion to the new security service. A key component of that analysis was ensuring our client understood the service it was offering and its potential to meet customers needs.

To date, revenue from the new business line has exceeded US$1 billion.

How We Help Companies Succeed

There are as many different security threats as there are reasons for an organization to be targeted. A hackers motivation can be personal, political, criminal, or purely opportunistic. In order to respond to these potential threats, security professionals must change the way they deliver protective services. Security solutions must be smarter, more efficient and of tangible value.

Too many organizations rely on technology alone to deliver effective security monitoring capability. It is all too easy to buy into the vendors pitch that technology is the silver bullet that will solve all security problems.

At Protiviti, we drive large security endeavors by focusing on people and processes aligned with business risk, as these are often the overlooked factors of a solutions success or failure. We help clients understand where the critical interaction among technology, people and processes occurs, to help organizations map IT security to risk more effectively.

We deliver the following services: Security Operations Center (SOC) design and implementation Technology optimization SOC assurance (internal and third-party security services)

Jonathan Wyatt+44.20.7024.7522 jonathan.wyatt@protiviti.co.uk