A company active in the media and telecommunications sectors. In particular, it provides to their consumers several services among which the most important are a television platform, an OTT service and a fixed telephone and broadband network service.

Our Client has to increase the cyber security maturity level of the organization. It has been adopted at group level a cyber security maturity framework divided in 20 different domains and the company must increase year by year the maturity level of each domain.

The main challenge was related to the different organizations, processes and activities of the different countries because the main goal of the maturity journey was the alignment and integration of the different countries into a unique cyber security group. We have helped the company on different projects and activities aimed at improving their cyber security posture.

Support the client in the direct management of the remediation actions defined to increase the security posture of the company as required by the cyber security maturity framework.

In addition, we have defined a new set of KPI security metrics to allow the company to identify the main issues and to address it with specific remediation actions. The KPI was related to Infrastructural and application vulnerabilities, Security risks and exemptions, identity management, Privileged access management, incident response and security monitoring, host security and details on the main security projects.

The maturity level of the company has steadily increased in the last two years, starting from a score of 2,5 (out of 5) to reach 3,5 at the end of 2022. The definition of periodical KPI reports allowed the company to have a more clear view about the security posture and to address promptly the main issues.

These KPI reports have been shared at group level and have been critical for the addressing of some of the main issues identified.