2022 UNICC common secure group photo
Photo: UNICC

Common Secure: Cybersecurity Solutions for the UN Family

In today’s digitalized world, cybersecurity is a matter of critical importance to the United Nations as well as for international organizations. UNICC offers a wide array of Common Secure cybersecurity solutions to strengthen the UN system’s cyber posture.

UNICC’s cybersecurity services cover governance, architecture and organizational resilience as well as a whole spectrum of operational components, supporting 80 Partners in preparing for, responding to, and mitigating risks associated with cyber threats with a common approach to cybersecurity.

Cyber criminals are collaborating more and more so cybersecurity professionals need to step up on sharing intelligence and information to keep pace with cyber criminals. Common Secure members can envision a UN family to collect and share information to keep our Agencies secure and aware.

Tima Soni, Chief, Cybersecurity Division, UNICC

The United Nations Joint Inspection Unit (JIU) has recommended UNICC services in its Cybersecurity in the United Nations system organizations (JIU/REP/2021/3) report. The JIU is an independent, external oversight body that conducts evaluations, inspections and investigations in the UN, who in 2021 reviewed the use of cybersecurity practices across the UN and encouraged all UN Agencies to leverage UNICC’s capacity and know-how for a stronger UN system cyber posture.

UNICC Certifications

UNICC is certified with ISO 27001 and is a 2020 and 2017 CSO50 information security award winner.

UNICC Cybersecurity Services

Governance and CISO Support

UNICC’s Information Security Management System (ISMS) framework mitigates the risk of exposure of an organization to the high risk of negative reputational impact, loss of valuable information, exposure to malicious acts as well as sophisticated and complex cyber-attacks.

Security Operations Centre

The Common Secure Operations Centre (CSOC) involves a specialized unit that monitors, analyses, and responds to cybersecurity events using a combination of technology processes and solutions. The CSOC is staffed with skilled cybersecurity practitioners.

Threat Intelligence Network

This service functions to share timely, relevant and actionable physical and cybersecurity threat and incident information. This enhances the ability of the United Nations to prepare for, respond to, and mitigate risks associated with these threats.

Security Incident and Event Management

Security Information and Event Management (SIEM) solutions and services are typically part of an organizational security operations regime. They provide real-time analysis of security alerts generated by applications and network hardware.

Vulnerability Management

UNICC’s vulnerability management services provide continuous identification and remediation of vulnerabilities and configuration flaws through a combination of processes and technologies that its Information Security specialists can leverage.

Penetration Testing

Penetration testing consists of actively exploiting vulnerabilities in order to prove (or disprove) real -world attack vectors against an organization’s digital assets, data, staff, and/or physical security. It allows to identify weaknesses in information security controls.

Phishing Simulation

UNICC’s phishing simulation services enable Partner Agencies to test effectiveness of their information security awareness programme.

Incident Response and Forensics 

UNICC’s Digital Forensics and Incident Response (DFIR) services provide well-defined and industry standard incident handling procedures and programs for analyzing incident-related data and for determining appropriate responses to any organizational security incident. 

Information Security Awareness

UNICC offers strategic advisory services to help an organization set up a state-of-the-art, effective information security awareness strategy, an industry-leading cloud-based learning lab and communications support including deliverables with messages, bulletins, posters and portal support.

PKI Digital Identity

UNICC’s PKI digital identity services are broadly divided into three categories: internal UN system-wide PKI services for secure communications between Agencies, hosting and managing of organizational PKI infrastructures and publicly-trusted PKI services complemented with a full range of certificate types.

Infrastructure and Network Support

UNICC’s Infrastructure and Network Support services span across infrastructure, platform and applications from the delivery of fully managed components to the utilization and analytics of tools as well as techniques.

Electronic Signature Services

UNICC provides an electronic signature solution in partnership with DocuSign, with automation technology to confirm the irrefutable validity of every signature in any process workflow, backed up by a comprehensive audit trail.

Secure AuthN Federated Authentication

The Secure Authentication Service provides a connection for enterprise solutions, platforms and applications to authenticate users against their own organizational identity management directory. With minimum modification (the service supports modern authentication protocols), any app can be registered to use the service.

Zero Trust Architecture (ZTA) Maturity Assessment

This service helps UN Partners to understand their current ZTA maturity level by reviewing the current organization enterprise architecture, products and technologies and provide a high-level roadmap that enables a ZTA to better protect their critical assets.

Cybersecurity Resilience Maturity Assessment

UNICC offers a holistic assessment service using the ISO 27001 standard as a reference framework to determine effectiveness of the organization’s information security capabilities.

M365 Cybersecurity Services

With the constant updates and enhancements in the cyber security capabilities made available by Microsoft, UNICC Clients can leverage UNICC’s cybersecurity expertise to perform an overall security assessment of the risks influencing the M365 environment.

Cybersecurity Architecture Assessment

These services are focused on providing cybersecurity architecture review and assessment of organizations’ Azure or AWS environments. The assessment leverages Microsoft Azure or AWS security best practices and Cloud Security Alliance (CSA) controls matrix for technical and security architecture review.

Common Vendor Security Risk Assessment Services

This service helps organizations maintain due diligence with supply chains by holistically assessing the risk introduced by third parties.

Cybersecurity Network Architecture Assessment

This service is focused on providing cybersecurity network architecture review and assessment of organizations corporate IT environment. The assessment leverages security best practices and ISO 27001 security control framework for technical and security architecture review.

Organizational Resilience Management Services

UNICC Business Continuity/Disaster Recovery (BC/DR) Planning, or Organizational Resilience Management Services, is a comprehensive management and support system for Clients seeking to improve their organizational resiliency and ability to react to events that affect critical services or functions.

UNICC Common Secure Conference

2022 UNICC common secure group photo

UNICC hosts an annual Common Secure Conference with the goal to bring its information security Partners together to increase the UN family circle of trust, share intelligence on cyber practices and provide feedback on UNICC Common Secure services. The multi-day workshop blends vendor and regional stakeholder sessions with feedback, presentations and input from participating Agencies.