Worldline - 2019 Universal Registration Document

D. EXTRA-FINANCIAL STATEMENT OF PERFORMANCE

Building customer trust with reliable, secured, innovative and sustainable solutions

How Worldline addresses cyber threats

The fight against cyber-criminality rests on three main aspects: prevention, detection and response, as part of Worldline's Security Strategy.

[Figure: Worldline's fight against cyber-criminality]

Prevent: Threat Intelligence (TI); Vulnerability Assessment; Penetration tests
Detect: Endpoint Detection and Response (EDR); Security Information and Event Management (SIEM)
Respond: Computer Security Incident Response Team (CSIRT); Security Incident Response; Forensic Analysis

A. Prevent

● Threat Intelligence (TI): TI helps Worldline to deal with the wide variety of digital threats, including exploitation of vulnerabilities in computer systems, organized hacking and reputational or computer fraud. A security breach can compromise Worldline's business, impact regulations, and have a bearing on Worldline's reputation. To keep track of today's threats and potential future risks in an ever-changing cyber threat landscape, unstructured and external sources must be monitored. Valuable information is gathered from countless sources on the Internet, such as vendor security advisories, vulnerability repositories, social media, black board systems, search engines, and Dark and Deep Web sites, to determine the severity of the threats. It is then necessary to prioritize and identify the action required to mitigate each threat.

● Vulnerability Assessment: Security operations performs vulnerability watch and warns stakeholders within an appropriate timeframe. Vulnerability notifications include the following information:
    ● Advice for remediation,
    ● Severity based on the Common Vulnerability Scoring System (CVSS),
    ● Availability of a patch,
    ● Requirement for extra analysis.

● Penetration Tests: Execution of penetration tests on IT platforms (i.e. system, network equipment, infrastructure, applications). An audit report is created which includes understandable evidence of the findings:
    ● Details of the vulnerability,
    ● Exploitation scenario (if the vulnerability has been exploited),
    ● Evidence of exploitation (if the vulnerability has been exploited),
    ● Proposed Remediation Plan.
