1. Security 2025 - Way Forward
Information Security Risk Assessment
08 April 2025
2. Agenda
1- Cybersecurity Current State 2025
2- Cybersecurity Way Forward 2025
3- Cybersecurity Strategy and Initiatives 2025
4- People Agenda – Security resources
3. Taly – Cybersecurity Current State 2025

Security zones on the control map: External / Internet / DMZ; Application/Sensor; LAN
Control areas: IAM, Network Security, Security Infrastructure and GRC
Unmanaged / managed clients: security and monitoring

Endpoint Security:
- Endpoint Protection (EPP)
- Endpoint Encryption (EEE)
- Endpoint DLP
- EDR
- AD Authentication
- VPN Client
- Mobile Device Management (MDM)
- NAC
- MFA
- UBA
- Application Whitelisting

Network, infrastructure, data and application controls (listed in slide order; the zone each control is drawn in is not recoverable from the slide text, and some controls appear in more than one zone):
- NG Firewall
- IPS
- Web filtering
- DLP
- Antimalware
- HSM
- NPM/APM
- DLP
- EDR
- FIM
- GRC
- GSLB
- EDR
- DDI
- Email Gateway
- Sandbox
- Load Balancer
- Honeypot
- Network Taps
- IRR/ASM
- Secure File Transfer
- Patch Management
- WAF
- App DDoS
- FIM
- VPN
- DB Encryption
- Vul. Mgmt.
- DAM
- ATM Security
- IAM/PAM
- XDR
- ITSM
- File and Folder Encryption
- Data Discovery & Classification
- Container Security
- SOAR
- SAST/DAST

Legend (colour coding on the slide):
- Control and technology in place
- Control and technology not in place
- Control and technology require re-visit

Maturity scale applied to each security domain:
- Level 1: Initial (Incomplete)
- Level 2: Managed (Repeatable)
- Level 3: Defined (Standardized)
- Level 4: Quantitatively Managed
- Level 5: Optimizing (Stable and Flexible)

Security domains assessed:
- Identity, Consent & Privileged Access Management
- Security Infrastructure
- Network Security
- GRC, Security architecture and design
- System, Application, Mobile App Security
- 24x7 Security monitoring & alerting and SOC
- VAPT, Security testing, and Breach & Attack Simulations (BAS)
- Security Team Resources & End-user Security Awareness
- Digital Delivery and Transformation Office Security
- CBE mandates, Cybersecurity Framework
- Internal Audit, and External Audit requirements fulfillment
- SOP, Policies, KPIs, KRIs
4. Taly – Cybersecurity Current State 2025 (second view of the same control map, legend, maturity scale and security domains as slide 3)
5. Taly – Cybersecurity Strategy and Initiatives 2025

- CP Compliance Program: Leverage Security Benchmarks and Compliance Standards. Fulfill CBE Cybersecurity, Audit, Governance, Compliance and Risk requirements.
- MP Maturity Program: Enhance Cybersecurity Maturity. Revamp existing controls to meet industry standards and business needs; build the new controls that are required.
- SP Stability Program: Stability Program and Enhance Customer Experience. Enhance cybersecurity visibility, enable digital transformation and shift all security controls left.
- EP Employee Program: Plan Employee Onboarding, Awareness and Education. Zero-day onboarding/offboarding/transfer; enhance employee awareness.
- PP Policy/Procedures Program: Develop, Document and Publish SOP, Policies, KPIs, KRIs. Review/update current policies, procedures, KPIs and KRIs, and generate required
6. Taly – Security Initiatives 2025: Priority 1 Projects
Columns on the slide: Project; Priority 1 Project Brief/Recommendation; Strategic Objective (program codes from slide 5: CP, MP, SP, EP, PP); Target date/Estimated Cost

EGRC, Security architecture and design
- Brief: Designing, acquiring and building an Enterprise GRC platform that automates the work associated with the documentation and reporting of risk management and compliance activities.
- Status: RFP shared with all stakeholders; waiting for business response to release.
- Strategic objective: CP, PP
- Initiation: End of Q1 2025. Delivery: End of Q3 2025. Budget: 400 KUSD

ITSM
- Brief: Designing, acquiring and building an IT Service Management platform that automates end-to-end IT service delivery to meet business goals, including the creation, delivery, and support of IT services.
- Status: RFP shared with all stakeholders; waiting for business response to release.
- Strategic objective: PP, EP, CP
- Initiation: End of Q4 2024. Delivery: End of Q4 2025. Budget: 600 KUSD

Identity, Consent & Privileged Access Management
- Brief: Designing, acquiring and building an identity and access management platform that defines how users, admins, and 3rd parties access Taly resources/services and what they can do with those resources/services.
- Status: RFP under preparation; demos currently being conducted to define the best practice that meets business requirements.
- Strategic objective: CP, EP, MP
- Initiation: End of Q1 2025. Delivery: End of Q4 2025. Budget: 600 KUSD

Mobile Application Shielding, SAST/DAST
- Brief: Designing, acquiring and building an application security platform.
- Status: Demos being conducted for mobile application shielding, to be followed by an RFP. Fortify Application Security scanning acquired and in the process of being implemented.
- Strategic objective: CP, MP
- Initiation: End of Q1 2025. Delivery: End of Q2 2025. Budget: 800 KUSD

Data Security
- Brief: Designing, acquiring and building end-to-end data discovery, data classification and data protection platforms.
- Status: RFP under development in parallel with demos to identify suitable technologies covering the data security aspects.
- Strategic objective: MP, CP
- Initiation: End of Q4 2024. Delivery: End of Q3 2025. Budget: 500 KUSD

Container Security
- Brief: Designing, acquiring and building a unified platform that addresses vulnerability management, compliance, runtime protection and network security requirements for Taly Digital services.
- Status: Demos conducted with business (TO); will be considered as part of the Firewall Tech refresh program with Palo Alto.
- Strategic objective: SP, MP
- Initiation: End of Q1 2025. Delivery: End of Q2 2025. Budget: 300 KUSD

Network Taps, NPM/APM, NDR
- Brief: Designing, acquiring and building a platform that provides perfect visibility over network, application and security traffic.
- Status: Demos and POCs started with market-leading vendors, to be followed by releasing an RFP.
- Strategic objective: SP, MP, CP
- Initiation: End of Q1 2025. Delivery: End of Q2 2025. Budget: 800 KUSD

SOP, Policies, KPIs, KRIs
- Brief: Reviewing, updating, developing, approving and publishing all IT-relevant SOPs, Policies, KPIs and KRIs.
- Status: The IT GRC team has started, first reviewing current SOPs and policies against audit requirements and updating or developing the ones needed; work on the KPIs and KRIs will follow.
- Strategic objective: PP, CP
- Initiation: End of Q1 2025. Delivery: End of Q2 2025. Budget: NA
7. Taly – People Agenda: Security Teams

Team headcount as shown on the slide:
- IAM: 3
- Security infra: 3
- Network Security: 2
- SOC: 7 external + 2 internal
- Info Sec: 2

Gaps:
- No IAM members in the organization, leading to operational instability and a lack of controls.
- No Security Infrastructure team in place covering endpoint, data and application security.
- No Information Security team in place covering vulnerability and patch management.