2. AGENDA
Current landscape and next steps
100 days agenda
3 years roadmap
Vendor details and evaluation
Team structure and requirement
3. CYBERSECURITY – CURRENT LANDSCAPE AND NEXT STEPS
Cybersecurity
Solutions
SOC &
Brand
Monitoring
DLP/MDM
VLAN/NAC
Zero Trust
Password
less Access
PIM/PAM
OT Security
Dell Data
Encryption
Sophos
Endpoint
Security
•SOC POC to be started by 15-Nov-22
•NAC implementation in Ruby office, expected
completion by 30-Apr-23
•Zero Trust Solution (ZScaler) evaluation and
Business case study has been done, meeting to be
done with Gandharv to walkthrough the solution by 15-
Nov-22
•Passwordless Authentication evaluation done, POC to
be started
•PIM/PAM solution evaluation done, POC to be started
LANDSCAPE NEXT STEPS…
4. Sr.No Project Description Utilization Status Target date Resource Partner
Business
Team
Budgeted Cost
1
SOC POC, Implementation and
finalisation along with MDR
40%
Under
Evaluation
POC
30-12-2022
Niranjan,
Shailesh
Inspira,
Secureview,
Softcell
Cyber & Infra
Team
5000000
2
IT Security Policies Review and
Rollout
15% In Progress 15-11-2022
Niranjan,
Ashok
None
Cyber & Infra
Team
-
3
Quarterly Phishing drills and Cyber
awareness trainings
15% In-Progress 31-12-2022 Niranjan
Projist,
ComplyKaro
HR & BU’s 1200000
4 Email SPAM Gateway Closure 10% In-Progress 15-11-2022
Niranjan,
Jigar
Fortinet solution
via partner Insight
Cyber & Infra 2400000
5 EY Audit Preparation 10% Yet to Start 12-11-2022 Niranjan EY Dharmesh -
6
Bi-annual VA/PT Infra,Web &
Mobile Apps as per scope + Out of
scope web & mobile apps
Pentesting
45% In Progress 31-05-2023 Niranjan Deloitte
Respective
App Owners
3500000
& 3 lakhs per out
of scope Web,
Mobile Apps (iOS,
Android) Testing
7
Patch Management
Implementation and Rollout
15% In Progress 31-12-2022 Niranjan Hitachi
Infra and
TCPL
2000000
150%
CYBER 100 DAY’S AGENDA – CATEGORY A, PRIORITY 1
5. PROPOSED 3 YEAR’S ROADMAP FOR CYBERSECURITY INITIATIVES – HIGH LEVEL PLAN
Initiative Description
FY 22-23 FY 23-24 FY 24-25
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
DLP & Mobile Device Management (MDM)
Partner Evaluation, Finalization and Release PO
Data Classification
CASB Implementation
MDM Configuration & Implementation
Password less Authentication
POC and Rollout
Privilege Identity and Access management
POC and Rollout
Zero Trust Implementation - Secured and Cost Optimization
Solution Evaluation, Feasibility study and Design
Zscaler (Secure Gateway, Proxy & Replace MPLS) – POC & Rollout
Brand Monitoring via Dark Web – Protect Brand Reputation
Partner Evaluation
Partner Finalization and Release PO
Service Enablement and Monitoring
VLAN & NAC Setup across 8 Locations
VLAN at Mahim HO
Halol and Daman (post availability of Cisco L3 Switch)
Remaining locations (Depends on delivery of Switches)
OT Security and IEC 62443 Compliance at Halol, Daman
Partner Evaluation and Feasibility Study
POC and Rollout
Risk and Gap Assessments, Backup restorations and BCP
IT Policy Review, Cybersecurity Drills and Awareness Workshops
Cyber Range (Blue Teaming) Cyber Audit Readiness
On going
6. Sr
No
Vendor Purpose
Annual
Spend
Remarks
Service
Quality
Timeline
Adherence
(SLA)
Resource
Availability
Replacement
Required
Justification
If any
1
Hitachi Systems India
Pvt. Ltd.
Patch
Management
20 - 25
lacs
Endpoint and servers system
patching with latest updates
Yes No
2
Deloitte Touche
Tohmatsu India LLP
VAPT
15 - 20
lacs
Perform Servers, Application and
Hardware vulnerability testing
Good Partial NA No
3
Wysetek Systems
Tech Pvt Ltd
Security Device
(FW)
1.5 lacs
DC Palo Alto hardware/software
support
NA No
4 ProgIST Solutions DMARC/Phishing
3 - 3.5
lacs
Email based security NA No
5
Insight Business
Machines Pvt Ltd
Web Application
Firewall Radware
for Polycab website
5 lacs
Additional and Recommended
security for our primary website :
https://www.polycab.com
Litigation &
Retention Hold for
all E3 users
3.5 lacs
Being used as a Backup solution for
all Endpoints
Email Security
Spam Gateway
Fortinet
22 lacs
POC done commercial finalization
with Vendor
6
Team Computers Pvt.
Ltd.
IT Infra and
Security support
84 lacs Performance detoriating
Poor to
Average
Not
compliant
No Yes
Technically
not sound,
Lack of SME
CYBERSECURITY – VENDOR DETAILS AND EVALUATION
7. CYBERSECURITY TEAM STRUCTURE
Cybersecurity
Head
SOC Analyst
Cybersecurity
Analyst
Tech Risk
Compliance and
DPO
DLP Analyst
Monitoring of Logs for
Incidents &
Abnormalities in
Network and working
on remediation
Coordinate and
Validate VA/PT
reports and Fix along
with Applications
Owners & 3Ps
Continuous
monitoring & nullifying
false positives and
intimate Risk
compliance officer for
further action
IT and Cyber Audit
readiness, manging
Risk Register,
Periodic GAP
Analysis, etc.