h

Case Study

CIIGSA Gold Refinery

The cutting edge method of safeguarding information assets

The Challenge

Concerned following the increase in reported hacking attempts toward corporations, and the potential exposure of trade secrets, client data and private communications, the management team of CIIGSA, a Gold Refinery firm Headquartered in Colombia with annual revenues of $150mm felt a necessary time to review and implement measures to improve their information security posture.

CIIGSA tackled the challenge of improving its information and operational data security by implementing an information security program across its various operational centers throughout Colombia.

The Solution

When the CIIGSA team approached us, they had firewalls and anti-virus tools implemented, but lacked a definitive information security advisory partner to help them move beyond their initial setup.

We were given an aggressive timeframe within which to deliver and configure a working information security program that would prevent unauthorized access, detect intrusions, stop malware, encrypt all communication and enabled role based access to critical & very sensitive mining operational information.

There were two primary components to improving CIIGSA’s information security footprint:

Unified Threat Management

The key to CIIGSA’s information security program is its information security perimeter defense.

We implemented a Unified Threat Management (UTM) solution for CIIGSA, which included a Network protection, an IPS/IDS solution, Anti-Virus and Malware detection, realtime inflow and outflow data/traffic scanning, remote VPN access and encrypted point to point communication.

All CIIGSA offices in Colombia were linked via encrypted VPN’s to ensure information integrity.

Role based access

We leveraged a GRC based approach to identify the core operational functions performed by the various groups within CIIGSA, along with the information assets required by them.

We then instituted a role based information access and attestation program to ensure only the relevant groups had access to information needed for their business purposes.

This role based information use and attestation program resulted in a clear understanding of who within the organization has access to, and is responsible for, various mission critical information assets.

How we delivered a successful project

With our strong background in information security and a successful track record of implementing scalable, enterprise-grade information security solutions, we developed a deep understanding of the goal and scope of the program, narrowly defined the core challenges, and promptly delivered an enterprise-grade information security solution.

The keys to our success with CIIGSA was a close working relationship with them from project inception to final delivery. Our partnerships with leading information security vendors allowed us to present a solution to CIIGSA that was both scalable and cost efficient.

Network Protection

s

Malware, Intrusion Prevention & Detection

w

Communication Encryption

Data Loss Prevention

The Results

We implemented an information security program that continuously monitors all information coming into and leaving CIIGSA’s networks, with instruction to alert the approved teams when irregular outflows of data or potential hack events are detected.

Additionally, we implemented a “need to know” based information access paradigm where in CIIGSA’s Colombia resources were able to access only the information they required, minimizing risk of intentional or unintentional information compromise.

The improved management of information assets, encrypted communications, and improved information security perimeter protection has made CIIGSA a harder target to compromise, enhancing its brand image and improving investor and board of director confidence in the management team.

“I was extremely impressed with Pevnost’s ability to partner with us; it felt like they were part of our team. Their information security advisors supplemented our IT teams understand and implement the best of class tools needed to meet our needs.

Pevnost’s bilingual employees seamlessly navigated our Spanish only work environment.” Karen Gonzalez

Chief Operating Officer, CIIGSA