Continuous Security Improvements Suite

Information Security Services

ICC is expanding its information security services to provide continuous improvement for ICC’s Clients and Partner Organizations.

ICC’s new information security services, including Common Secure, offer continuous, reliable and timely information security protections and controls, including gathering critical cyber information from Partner members, commercial security firms, service providers, federal, state and local government agencies, law enforcement and other trusted resources. These services help to strengthen relationships with the cyber community at large on behalf of United Nations organizations and to foster a reputation for excellence. ICC is thus uniquely positioned to quickly disseminate cyber threat alerts and other critical information to organizations across the world.

ICC has recently developed a set of solutions to improve its information security management capabilities provided to its United Nations Partner Organizations and to meet the needs of the UN’s cyber security strategic goals concerning growing cyber threats. Several of the solutions have fully implemented solutions, while others are in pilot stage, all with measurable results or early findings.

The ICC Continuous Security Improvement Suite (CSI) project includes 1) One ICTbox, a rapidly deployable modular infrastructure for UN field offices with built-in security controls, 2) Common Secure, a cyber security information sharing/threat analysis community network, 3) Common Connect, a common trust for UN Agencies to collaborate and share information assets, and 4) Information Security Governance and Operations (UNICC CISO-sharing, IS advisory support and operational solutions for smaller UN Agencies to implement and manage ISMS standards and processes.

The UNICC CSI project (as well as the earlier decision to implement an ISO 27001 ISMS), was put into place based on several business needs, including:

  • Provide continuous improvement to information security solutions utilised by ICC’s Clients and Partner Organizations based on new technologies and approaches to UN family cyber security
  • Position ICC as a UN information security strategic partner and thought leader
  • Make sure that information security decisions are based on identified risks, validation of risks assessment results, acceptance of residual risks and validation of counter-measures
  • Address audit issues, including validation of audit recommendations and commitment over remediation actions.

After ICC’s ISO 27001 implementation and successful re-certification for its internal information security posture and for that of many of ICC’s 38 Partner Organizations, clients in the past two years began to ask for additional, state-of-the-art cyber security solutions.

The CSI project utilises new technologies and flexible approaches to continuous improvement in information security across the UN family:

  1. OneICTbox for UN field offices, deployed to over 75 offices in several UN Agencies, now piloting its ‘Generation 3’, leverages new Cisco technologies, with cloud-based services such as network traffic profiling, content filtering, Edge Intrusion detection, Web caching and One Time password for Remote Access.
  2. Common Secure functions to share, for the first time ever in the UN, expertise, knowledge and resources around cyber security. It helps the UN to prepare for, respond to, and mitigate risks associated with threats. It offers continuous, reliable and timely information gathering from Agency members, commercial security firms, service providers, government agencies, law enforcement and other trusted resources.
  3. Common Connect allows Partner Agencies to share a trust with federated authentication, enabling users to access multiple Agencies’ platforms using their own log-in credentials. Common Connect uses Security Assertion Markup Language 2.0 (SAML 2.0) for exchanging authentication and authorization data between security domains.
  4. ICC’s information security governance and operational support provide flexibility for smaller UN Agencies in an era of resource constraints. This includes a UNICC Shared CISO role for strategic guidance and business alignments, CIO assurance, expertise for technical teams, and awareness for end users. This includes operational services from implementation and monitoring of enterprise antivirus systems, periodic vulnerability scanning and coordination of follow-up actions, log reviews and analysis, periodic alignment of accounts and credentials, to perimeter and firewall rules management.

For more information contact business@unicc.org.