© CGI Group Inc. Confidential

Assess the risk. Protect your business. Operate with

confidence

Mika Hållfast, Director, Global Cyber Security, CGI

Confidential

Agenda & Introduction

“Organizations globally are balancing compliance-driven

cybersecurity with security work enabling changing

structures and growing business. With global, industry and

organization based challenges, organizations struggle to

ensure secure operating environment. “

1. Changes in threat actors and operating environment

2. Cybersecurity we need today

3. CGI in Cybersecurity

4. Key takeaways

2

Mr. Mika Hållfast

Director – Global Cybersecurity Bachelor of Engineering (B.Sc.)

mika.hallfast@cgi.com

Confidential

Cybersecurity we need today

Confidential

Modern Cybersecurity Operations

→ The modern cyber security program must reflect an elevation in strategic position and intent within

the business. It must also move beyond a traditional “defensive” mindset to improved detection

and response capability.

→ We must move from a compliance-driven approach to a risk-driven approach – build a proactive

capability based on a specific risk profile and not on a generic set of compliance standards.

Develop and implement

the appropriate

safeguards to ensure

delivery of critical

infrastructure services.

Develop and implement

the appropriate activities

to identify the occurrence

of a cybersecurity event.

Develop the organizational

understanding to manage

cybersecurity risk to

systems, assets, data, and

capabilities.

IDENTIFY

STRATEGIC ELEVATION ( POLICY, GOVERNANCE, TRAINING & AWARENESS….)

PREVENT DETECT RESPOND

Develop and implement the

appropriate activities to

take action regarding a

detected cybersecurity

event.

Confidential

The Security Operations we need today

Predictive

5

Confidential 6

Confidential 7

Preventive

Preventive controls remain to be efficient for

majority of threats. New emerging technologies with

machine learning will ensure they will remain

efficient for the visible future.

Challenges with preventive control technologies

include the resources needed for continuous

optimization to ensure coverage and adaption to

evolving threats.

Usually controls are not managed holistically but

reside in several organizational or outsourcing

structures reducing the overall security created.

Confidential

Detective

Near Real-time Detection and Analysis of on going

Security Threats

• Incident Management, Response and Forensic

Investigation

• Operated by Teams of Highly Skilled Security

Professionals

• Empowered by Global Situational Awareness

and Threat Intelligence

8

Confidential

Retrospective

“Advanced threats” are difficult to identify with

traditional tools and technologies, in some cases

they are tailored to evade local capabilities.

New approach is needed.

Example of service

Confidential

Predictive

• Anticipation of targeted

threats on the rise

• Supports proactive mitigation

of emerging threats

• Enables automation of

preventive security controls

• Provides Contextual Insight to

Security Operations Teams

and drives more accurate

Triage of Incidents

Continuous Analysis and Fusion of Threat Information and Client Contextual Data to produce

Actionable Threat Intelligence

Confidential

CGI in Cybersecurity

Confidential

CGI Global Cyber Security Strong Cyber Security Capability and Credentials

40+ years of experience in

information security across

government and commercial sectors.

3 accredited test facilities

Canada, US and UK.

Independence in technology,

delivery, service model and

operations.

7 Security Operations

Centers globally

1400 cyber professionals

globally

Tested and proven in some of the

world’s most sensitive and complex

environments

We help businesses and government clients to assess the risk, protect the

business and operate with confidence in the digital world

Confidential

CGI Cybersecurity services

Continuous Security services

Technical Security services

High End consulting services

Confidential

Global SOC network

14

Confidential

Key takeaways

Confidential

Next steps in Cybersecurity

• Automated (CVM) vs. static (CMDB)

• Data assets - Physical assets - Cloud

Identify Assets

• Security devices

• Security monitoring

Build Detective capabilities

• Data assets

• Physical assets

• GDPR

Focus on critical assets

• Don’t only focus on compliance

Not only compliance

16

Confidential

Mika Hållfast

@cgi.com