AB Storstockholms Lokaltrafik, SL (Stockholm Public Transport) needed to manage security in a large and complex technical environment, partly conducted by external suppliers. The client concluded that simply pushing a large set of security requirements onto the organisation did not give the expected results.
Cybercom suggested using a decentralised security process, allowing for interaction on the security requirements in a controlled way. The process further strived for an attractive balance between security investments and the risk appetite the business could afford. The goal was simply to achieve secure enough solutions per system and meet all relevant compliance requirements at the lowest possible cost.
The process was further supported by Cybercom Compliance Portal, guiding the organisation through the process and giving security management full control.
Torsten Regenholz (SL), Information Security & IT Security Manager, explains “Cybercom’s approach implies large savings for SL, as we continuously strive to maintain an adequate level of security, no more, no less. The visibility of our security status, provided by the Compliance Portal, is a proof of that.”