Common Secure: Cybersecurity Solutions for the UN Family
In today’s digitalized world, cybersecurity is a matter of critical importance to the United Nations as well as for international organizations. UNICC offers a wide array of Common Secure cybersecurity solutions to strengthen the UN system’s cyber posture.
UNICC’s Common Secure services cover cybersecurity oversight and governance as well as a whole spectrum of operational components, supporting 90 partners in preparing for, responding to, and mitigating risks associated with cyber threats with a common approach to cybersecurity.
Cyber criminals are collaborating more and more so cybersecurity professionals need to step up on sharing intelligence and information to keep pace with cyber criminals. Common Secure members can envision a UN family to collect and share information to keep our Agencies secure and aware.
Tima Soni, Chief, Cybersecurity Division, UNICC
The United Nations Joint Inspection Unit (JIU) has recommended UNICC services in its Cybersecurity in the United Nations system organizations (JIU/REP/2021/3) report. The JIU is an independent, external oversight body that conducts evaluations, inspections and investigations in the UN, who in 2021 reviewed the use of cybersecurity practices across the UN and encouraged all UN Agencies to leverage UNICC’s capacity and know-how for a stronger UN system cyber posture.
UNICC Certifications
UNICC is certified with ISO 27001 and is a 2020 and 2017 CSO50 information security award winner.
UNICC Cybersecurity Services
UNICC’s Information Security Management System (ISMS) framework mitigates the risk of exposure of an organisation to the high risk of negative reputational impact, loss of valuable information, exposure to malicious acts as well as sophisticated and complex cyber-attacks.
The Common Secure Operations Centre (CSOC) involves a specialized unit that monitors, analyses, and responds to cybersecurity events using a combination of technology processes and solutions. The CSOC is staffed with skilled cybersecurity practitioners.
This service functions to share timely, relevant and actionable physical and cybersecurity threat and incident information. This enhances the ability of the United Nations to prepare for, respond to, and mitigate risks associated with these threats.
Security Information and Event Management (SIEM) solutions and services are typically part of an organizational security operations regime. They provide real-time analysis of security alerts generated by applications and network hardware.
UNICC’s vulnerability management services provide continuous identification and remediation of vulnerabilities and configuration flaws through a combination of processes and technologies that its Information Security specialists can leverage.
Penetration testing consists of actively exploiting vulnerabilities in order to prove (or disprove) real -world attack vectors against an organization’s digital assets, data, staff, and/or physical security. It allows to identify weaknesses in information security controls.
UNICC’s phishing simulation services enable Partner Agencies to test effectiveness of their information security awareness programme.
UNICC’s Digital Forensics and Incident Response (DFIR) services provide well-defined and industry standard incident handling procedures and programs for analyzing incident-related data and for determining appropriate responses to any organizational security incident.
UNICC offers strategic advisory services to help an organization set up a state-of-the-art, effective information security awareness strategy, an industry-leading cloud-based learning lab and communications support including deliverables with messages, bulletins, posters and portal support.
UNICC’s PKI digital identity services are broadly divided into three categories: internal UN system-wide PKI services for secure communications between Agencies, hosting and managing of organizational PKI infrastructures and publicly-trusted PKI services complemented with a full range of certificate types.
UNICC provides an electronic signature solution in partnership with DocuSign, with automation technology to confirm the irrefutable validity of every signature in any process workflow, backed up by a comprehensive audit trail.
The Secure Authentication Service provides a connection for enterprise solutions, platforms and applications to authenticate users against their own organizational identity management directory. With minimum modification (the service supports modern authentication protocols), any app can be registered to use the service.
This service helps UN Partners to understand their current ZTA maturity level by reviewing the current organization enterprise architecture, products and technologies and provide a high-level roadmap that enables a ZTA to better protect their critical assets.
UNICC offers a holistic assessment service using the ISO 27001 standard as a reference framework to determine effectiveness of the organisation’s information security capabilities.
With the constant updates and enhancements in the cyber security capabilities made available by Microsoft, UNICC Clients can leverage UNICC’s cybersecurity expertise to perform an overall security assessment of the risks influencing the M365 environment.
These services are focused on providing cybersecurity architecture review and assessment of organizations’ Azure or AWS environments. The assessment leverages Microsoft Azure or AWS security best practices and Cloud Security Alliance (CSA) controls matrix for technical and security architecture review.
This service helps organizations maintain due diligence with supply chains by holistically assessing the risk introduced by third parties.
UNICC’s Infrastructure and Network Support services span across infrastructure, platform and applications from the delivery of fully managed components to the utilization and analytics of tools as well as techniques.
This service is focused on providing cybersecurity network architecture review and assessment of organizations corporate IT environment. The assessment leverages security best practices and ISO 27001 security control framework for technical and security architecture review.
UNICC Business Continuity/Disaster Recovery (BC/DR) Planning, or Organisational Resilience Management Services, is a comprehensive management and support system for Clients seeking to improve their organizational resiliency and ability to react to events that affect critical services or functions.
Security Operations Centre
The Common Secure Operations Centre (CSOC) involves a specialized unit that monitors, analyses, and responds to cybersecurity events using a combination of technology processes and solutions. The CSOC is staffed with skilled cybersecurity practitioners.
Threat Intelligence Network
This service functions to share timely, relevant and actionable physical and cybersecurity threat and incident information. This enhances the ability of the United Nations to prepare for, respond to, and mitigate risks associated with these threats.
Security Incident and Event Management
Security Information and Event Management (SIEM) solutions and services are typically part of an organizational security operations regime. They provide real-time analysis of security alerts generated by applications and network hardware.
Vulnerability Management
UNICC’s vulnerability management services provide continuous identification and remediation of vulnerabilities and configuration flaws through a combination of processes and technologies that its Information Security specialists can leverage.
Penetration Testing
Penetration testing consists of actively exploiting vulnerabilities in order to prove (or disprove) real -world attack vectors against an organization’s digital assets, data, staff, and/or physical security. It allows to identify weaknesses in information security controls.
Phishing Simulation
UNICC’s phishing simulation services enable Partner Agencies to test effectiveness of their information security awareness programme.
Incident Response and Forensics
UNICC’s Digital Forensics and Incident Response (DFIR) services provide well-defined and industry standard incident handling procedures and programs for analyzing incident-related data and for determining appropriate responses to any organizational security incident.
Information Security Awareness
UNICC offers strategic advisory services to help an organization set up a state-of-the-art, effective information security awareness strategy, an industry-leading cloud-based learning lab and communications support including deliverables with messages, bulletins, posters and portal support.
PKI Digital Identity
UNICC’s PKI digital identity services are broadly divided into three categories: internal UN system-wide PKI services for secure communications between Agencies, hosting and managing of organizational PKI infrastructures and publicly-trusted PKI services complemented with a full range of certificate types.
Electronic Signature Services
UNICC provides an electronic signature solution in partnership with DocuSign, with automation technology to confirm the irrefutable validity of every signature in any process workflow, backed up by a comprehensive audit trail.
Secure AuthN Federated Authentication
The Secure Authentication Service provides a connection for enterprise solutions, platforms and applications to authenticate users against their own organizational identity management directory. With minimum modification (the service supports modern authentication protocols), any app can be registered to use the service.
Zero Trust Architecture (ZTA) Maturity Assessment
This service helps UN Partners to understand their current ZTA maturity level by reviewing the current organization enterprise architecture, products and technologies and provide a high-level roadmap that enables a ZTA to better protect their critical assets.
Cybersecurity Resilience Maturity Assessment
UNICC offers a holistic assessment service using the ISO 27001 standard as a reference framework to determine effectiveness of the organisation’s information security capabilities.
M365 Cybersecurity Services
With the constant updates and enhancements in the cyber security capabilities made available by Microsoft, UNICC Clients can leverage UNICC’s cybersecurity expertise to perform an overall security assessment of the risks influencing the M365 environment.
Cybersecurity Architecture Assessment
These services are focused on providing cybersecurity architecture review and assessment of organizations’ Azure or AWS environments. The assessment leverages Microsoft Azure or AWS security best practices and Cloud Security Alliance (CSA) controls matrix for technical and security architecture review.
Common Vendor Security Risk Assessment Services
This service helps organizations maintain due diligence with supply chains by holistically assessing the risk introduced by third parties.
Infrastructure and Network Support
UNICC’s Infrastructure and Network Support services span across infrastructure, platform and applications from the delivery of fully managed components to the utilization and analytics of tools as well as techniques.
Cybersecurity Network Architecture Assessment
This service is focused on providing cybersecurity network architecture review and assessment of organizations corporate IT environment. The assessment leverages security best practices and ISO 27001 security control framework for technical and security architecture review.
Organizational Resilience Management Services
UNICC Business Continuity/Disaster Recovery (BC/DR) Planning, or Organisational Resilience Management Services, is a comprehensive management and support system for Clients seeking to improve their organizational resiliency and ability to react to events that affect critical services or functions.Common Secure Conference
UNICC hosts an annual Common Secure Conference with the goal to bring its information security Partners together to increase the UN family circle of trust, share intelligence on cyber practices and provide feedback on UNICC Common Secure services. The multi-day workshop blends vendor and regional stakeholder sessions with feedback, presentations and input from participating Agencies.
