Context & objectives
Founded in 1985, the Bexley brand boasts a network of 17 stores and an e-commerce site launched in 1996, through which the company achieves 30% of its revenue. Certain mismatches between the Bexley IT system and the e-commerce site are likely to contain or generate areas of vulnerability.
To protect the IT system against internal and/or external threats in order to safeguard the company’s business activities and guarantee continuity. The challenge was broken down into 4 operational objectives:
- To align security initiatives with the requirements of the business;
- To merge the approach within a context of continuous improvement in order to ensure that the IT system develops in a composed and controlled manner;
- To achieve state-of-the-art security performance aligned with standards;
- To launch a global IT security approach based on a process of risk management, performance management and pragmatic implementation of best practices.
Solutions & methods
Exploiting its extensive expertise, Netsystem conducted a 360° security audit based on the ISO 27002 standard, supplemented by coverage of the risks inherent to e-commerce. A situation report was established detailing system maturity and the coverage of cyber risks, followed by an action plan initially focussed on short-term measurable results. Support was provided in two distinct phases:
- The set-up phase, incorporating an audit to identify ‘quick-win’ solutions to produce results within two months;
- Regular follow-up support to help Bexley personnel apply the solutions.
Key success factors:
- In-depth experience
- Implementation speed
- Effective collaboration
Testimony of Vincent Ferrara (Senior Consultant)
The Bexley assignment was a real challenge: namely to conduct an audit in double quick time on behalf of an investment fund. And it is our experience that enabled us to respond to such tight deadlines, backed up by the professional quality of our consultants who were able to exploit their know-how to the full. The result is a set of recommendations accepted and implemented in full.