Risk Department and IT Security, Banking Group.
Increase the internal traceability and tracking of operations and optimize the internal permanent control process. Design and implement an "operations evidence storage system" with the aim of :
• Post-mortem and forensics analysis
• User journey visibility and tracking
• Event detection (internal fraud, etc.)
Back-office banking systems, messaging systems, CRM application Siebel, habilitations, unified messaging & conferencing tools, IP services (directory services, DNS, DHCP, proxy /reverse proxy, firewalls, IPS/IDS,…), external banking and regular exchanges (Banque de France, Ministry of Finance,…).
High-level design and technical specifications design of an end-to-end internal operations tracking solution based on logging, trace management and identity correlation.
IT Direction of a major French betting operator (No1 in France with more than 800millions Euros transactions on line per year).
High level design and engineering for french regulatory body legal compliance (ARJEL – Autorité de Régulation des Jeux En Ligne) for information systems and IT security. Consulting services for implementing all the technical aspects needed in order to comply with the legal and regulatory framework.
Technical design and specification for proof and evidence collection from different points of the IT system (trace extraction, log collection, correlation, evidence extranet frontal, legal storage, etc.). Engineering and solution implementation. Process definition, IT security directives, security events process upgrade, centralized security log platform.
Approximate 1 year.
IT Operations directorate of a major worldwide industrial Group listed on the French CAC40 and on the NYSE index.
The initial objective was to design and build an automatic Sarbanes–Oxley proof-of-respect platform. Later on, due to its success, the aim was to share this solution for ITIL incident resolution & troubleshooting, and internal customer reporting.
SOX criteria : change management, back-up & restore, OS hardening, batch & operations jobs, reporting. Technical domain: IT operation logs from Tivoli, HP Service Desk, VTOM, DataProtector, CFT, HP OVO, OS hardening, Oracle, SAP, etc.
Design and build of the infocentre for IT operations, events and logs collection from the various supervision tools in place. Oracle database modeling, retrieval and data collection interfaces development, parsing, data extraction, data storage,…; reporting (business intelligence interfacing, Business Objects environment,…).
Approximate 6 months, followed by a multi-annual maintenance and managed services period.
IT Security Corporate entity of a major Public Sector French administration.
Elaborate a ISO27001-based Information Systems Security framework. Assist and help the CSO (Chief Security Officer) to apply and implement this framework within the different entities and branches all over France. Elaborate the security directives and process for "Logical Access Control" and "Traces and e-evidence with legal value". Design and deploy a turn-key solution for operations tracking for maintenance and third-party outsourcers.
Documents definition including process definition for traces & logs management, legal compliance implementation on IT security, framework definition (process, tools, engineering, organization,…). Training and assistance towards the operational teams. Technical design and implementation of a specific tracking solution, based on SpectorSoft vendor solution (rebound architecture, key-logging, screen capturing, transactions and commands tracking, …).
Approximate 3 months, followed by a multi-annual maintenance and managed services period.
Security, Fraud and Data Retention Directorate of a major French Telco (more than 10 billions Euros annual turnover, more than 25 millions clients)
Design, build and implement as a turn-key project a traceability solution for internal surveillance of all internal access (read and write) to CRM and sensitive personal-data information data bases such as billing databases, convergent messaging systems databases, etc. Identify and protect against the leak of sensitive information (VIP data, pin-code, etc..) by inside.
Design and implementation of a innovative DPI-based solution (deep packet inspection intelligent probes for trace extraction from the network). Specific probe plug-in development & customization in order to recognize and translate the sensitive information accessed (name under surveillance, group of internal users, keywords and screens,…) . Implementation of the solution on several information systems and on several datacenters.
Design, software development and implementation of a traceability web-based secured portal allowing the security & fraud team to manage (supervise, analyze, filter, store with legal value, etc.) the data obtain by the tracking (probe) infrastructure.
Several information systems involved, most of them heterogeneous, with no logs capabilities (such as legacy MVS/3270 systems for visualization logs, Oracle databases, CRM Clarify, etc.) and no possibility of implementing at reasonable costs the logs in the applications.
Approximate 6 months, followed by a multi-annual maintenance and managed services.
Telecoms & Security Corporate entity of a major worldwide French Retail actor.
Build, implement, supervise and implement the changes of the virtualized global infrastructures (systems, applications, storage solutions, etc.) of the main datacenters in France and international (Europe, South America).
Design, build and supervise the virtual secured infrastructure of the main datacenters : virtualized systems VMware (Vcenter, ESX,…), storage & backup (TSM IBM, EMC, MirrorView, SRM, etc.). Design, implement and supervise a QoS and performance management solution for strategic application supervision and SLA measurement (solution based on Compuware).
Multiyear managed services.