CIIGSA Gold Refinery
The cutting edge method of safeguarding information assets
Concerned following the increase in reported hacking attempts toward corporations, and the potential exposure of trade secrets, client data and private communications, the management team of CIIGSA, a Gold Refinery firm Headquartered in Colombia with annual revenues of $150mm felt a necessary time to review and implement measures to improve their information security posture.
CIIGSA tackled the challenge of improving its information and operational data security by implementing an information security program across its various operational centers throughout Colombia.
When the CIIGSA team approached us, they had firewalls and anti-virus tools implemented, but lacked a definitive information security advisory partner to help them move beyond their initial setup.
We were given an aggressive timeframe within which to deliver and configure a working information security program that would prevent unauthorized access, detect intrusions, stop malware, encrypt all communication and enabled role based access to critical & very sensitive mining operational information.
There were two primary components to improving CIIGSA’s information security footprint:
Unified Threat Management
We implemented a Unified Threat Management (UTM) solution for CIIGSA, which included a Network protection, an IPS/IDS solution, Anti-Virus and Malware detection, realtime inflow and outflow data/traffic scanning, remote VPN access and encrypted point to point communication.
All CIIGSA offices in Colombia were linked via encrypted VPN’s to ensure information integrity.
Role based access
We then instituted a role based information access and attestation program to ensure only the relevant groups had access to information needed for their business purposes.
This role based information use and attestation program resulted in a clear understanding of who within the organization has access to, and is responsible for, various mission critical information assets.
How we delivered a successful project
With our strong background in information security and a successful track record of implementing scalable, enterprise-grade information security solutions, we developed a deep understanding of the goal and scope of the program, narrowly defined the core challenges, and promptly delivered an enterprise-grade information security solution.
The keys to our success with CIIGSA was a close working relationship with them from project inception to final delivery. Our partnerships with leading information security vendors allowed us to present a solution to CIIGSA that was both scalable and cost efficient.
Malware, Intrusion Prevention & Detection
Data Loss Prevention
We implemented an information security program that continuously monitors all information coming into and leaving CIIGSA’s networks, with instruction to alert the approved teams when irregular outflows of data or potential hack events are detected.
Additionally, we implemented a “need to know” based information access paradigm where in CIIGSA’s Colombia resources were able to access only the information they required, minimizing risk of intentional or unintentional information compromise.
The improved management of information assets, encrypted communications, and improved information security perimeter protection has made CIIGSA a harder target to compromise, enhancing its brand image and improving investor and board of director confidence in the management team.
Pevnost’s bilingual employees seamlessly navigated our Spanish only work environment.” Karen Gonzalez