A large supplier of polysilicon for the electronic and solar power industries needed to separate its IT infrastructure from its parent company and build a robust cybersecurity program from the ground up. Not only did the company’s IT organization need to support the business quickly and cost-effectively, but it also faced challenges of limited resources and support from its parent company. Before CBI engagement, the company did not have any foundational security elements in place, such as general policies, procedures, standards and build documentation. It also needed to select and define its cybersecurity framework and governance program.
The company engaged CBI to work with its IT leadership team to review the designs and connectivity of its operational network to ensure that proper security would be incorporated. CBI assigned a dedicated resource to assist the company with all its security requirements. Additionally, CBI provided Security Operations (SOC) services to monitor the company’s overall cybersecurity environment. CBI worked quickly to establish important policies and standards documentation, which ultimately became the foundation of the company’s cybersecurity program. The company leveraged this foundation to define a current state and develop a cybersecurity roadmap which would cover them for the next two years.
The company expedited implementation of a secure network infrastructure to protect the business and manufacturing areas from potentially damaging outside threats. Additional CBI resources gave the company the support it needed to achieve an aggressive timeline to separate from the parent company while ensuring that effective cybersecurity would be established. CBI performed a current state assessment against the NIST 800.53 cybersecurity framework and worked with the company to draft a complete set of policies that mapped directly to its cybersecurity framework. The company was then able to increase the maturity of its cybersecurity program over the course of two years—thus improving its overall cybersecurity posture.