Problem

The airline industry has a particularly large cyber-attack surface with so many critical systems including maintenance, repairs & overhaul; on-board aviation; in-flight entertainment & connectivity; airport-based industrial controllers, ticketing and customer loyalty systems.  Each of the top 20 airlines has over 10,000 vendors and many have limited programs specifically addressing vendor-sourced risk.

One such airline has taken a step forward to securing their vendor base.  Given the monumental effort to mobilize risk mitigation in such a large and complex environment, automated & analytical approaches must be used. This airline turned to Fortress as a partner to achieve rapid program effectiveness.

SOLUTION

This airline and Fortress partnered to roll out a robust, third-party risk management solution on the Fortress Platform. The program objectives were to:

  1. classify vendors by business-impact risk
  2. create and monitor compliance in real time
  3. implement remediation processes

OUTCOMES

  • All 10,000 vendors were risk-ranked within 2 weeks and made available for browsing within the Fortress Platform.
  • Data & analytics were used to create an 80% confidence level in risk ranks. Remaining 20% confidence is obtained through manual processes.
  • Automated continuous cyber-security monitoring was put in place within 3 weeks for all vendors. This is a process where publicly-exposed vulnerabilities are detected and serves as an early-warning sign that a third party may have lax security controls.
  • Within 30 days, program guidelines were implemented into the Platform.
  • A three-phased, three-year approach was adopted.
  1. Phase 1 targets the top 10% critical vendors
  2. Phase 2 targets all high-risk vendors
  3. Phase 3 puts all vendors through the compliance program
  •  The top 10% critical companies were identified by overlaying the following:
  1. specific risk factors identified by the airline, cross-referenced to public and proprietary databases
  2. the automated business-impact risk ranks
  3. continuous cyber-security monitoring results.
  • Fortress Platform maintains all records and evidence, orchestrates workflow and provides real-time, self-service data exploration and dashboards.

View More Resources Here

Utilities
Transportation
Healthcare
Finance
Energy
Additional Industries

189 S Orange Ave #1950, Orlando, FL 32801
(855) 367.8737
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY