Use Cases
Innovation in Action
Real-world Problems, Real-world Results
Welcome to our Use Cases page, where we showcase how 1CSR has empowered organizations to turn their challenges into opportunities for growth and innovation. From developing a comprehensive cybersecurity roadmap for the Metropolitan Water District of Southern California to establishing a robust Security Operations Center for the California Department of Technology, our solutions are tailored to meet the unique needs of each client. Dive in to explore how we’ve helped these organizations enhance their security posture, increase resilience, and achieve real-time threat prevention and response.
Our Comprehensive Solutions
From initial deployment and implementation to flexible services management, our use cases showcase a wide array of capabilities, all tailored to meet the unique challenges and requirements of each client. Explore how we’ve successfully transformed obstacles into opportunities, delivering customized solutions that drive real-world results.
California Department of Technology
SPLUNK SECURITY TOOLS INFRASTRUCTURE SUPPORT
Mission
The California Department of Technology (CDT) is committed to partnering with state, local government and educational entities to deliver digital services, develop innovative and responsive solutions for business needs, and provide quality assurance for state government Information Technology (IT) projects and services.
Role / Responsibility & Authority
CDT is the guardian of public data, a leader in IT services and solutions, and has broad responsibility and authority over all aspects of technology in California state government, including: policy formation, inter-agency coordination, IT project oversight, information security, technology service delivery, and advocacy.
The California Department of Technology (CDT), Office of Information Security (OIS) has been tasked to stand up a Security Operations Center (SOC) that will monitor and protect the California Government Enterprise Network (CGEN) as well as CDT-provided information technology services at both the Rancho Cordova and Vacaville data centers. This request was to enable OIS, through 1CSR’s qualified personnel with expertise, to configure and install the network, systems, and software of a Security Solution environment that OIS is implementing to provide continuous prevention, protection, detection, and response capabilities against threats in real time.
1CSR provided consulting services with technical and business expertise to assist with Splunk integration, configuration, implementation, tool optimization, training, and ongoing support. Key areas we supported:
- Coordinate with CDT technology groups to ensure all system logs are sent to Splunk.
- Complete close-out of the current version of the SOC tools implementation.
- Perform a technical audit of any cloud-based virtual systems and networks providing infrastructure for the security tools and user environments, and ensure they both meet security best practices and integrate with all other CDT environments with as much logical isolation as possible.
- Document architecture of all SOC tools, systems, and environments, including both network diagrams and system diagrams.
- Document maintenance and operations procedures for all SOC tools, systems and environments, including: installation procedures, configuration procedures, disaster recovery procedures, migration procedures, patching procedures.
- Recommend and design a future-state architecture for both SOC environments (i.e., security tools and security users).
- Assist the CDT with any other tasks needed to ensure proper integration of Splunk and other security tools and environments that meet security best-practices.
CDT is now able to monitor and protect the California Government Enterprise Network (CGEN) as well as CDT-provided information technology services at both the Rancho Cordova and Vacaville data centers.
CDT is successfully providing continuous prevention, protection, detection, and response capabilities against threats in real time.
California Department of Technology
INTEGRATED RISK MANAGEMENT
Mission
The California Department of Technology (CDT) is committed to partnering with state, local government, and educational entities to deliver digital services, develop innovative and responsive solutions for business needs, and provide quality assurance for state government Information Technology (IT) projects and services.
Role / Responsibility & Authority
CDT is the guardian of public data, a leader in IT services and solutions, and has broad responsibility and authority over all aspects of technology in California state government, including: policy formation, inter-agency coordination, IT project oversight, information security, technology service delivery, and advocacy.
The California Department of Technology (CDT) faces the complex task of managing various risks across multiple departments and agencies. These risks range from cybersecurity threats to compliance issues related to state and federal regulations. The challenge is to implement an Integrated Risk Management (IRM) solution that can consolidate these risks into a unified framework, allowing for real-time monitoring, assessment, and mitigation.
CDT opted for the ProVision FIRM Unified Audit & Compliance solution to address its Integrated Risk Management needs. The solution involved:
- Conducting a comprehensive risk assessment across all departments to identify vulnerabilities and compliance gaps.
- Customizing the ProVision FIRM platform to align with CDT’s specific risk profiles and compliance requirements.
- Integrating the ProVision FIRM solution with existing IT systems for seamless data flow and real-time monitoring.
- Training CDT staff on how to use the ProVision FIRM platform effectively for risk assessment, monitoring, and reporting.
- Providing ongoing support and updates to ensure the ProVision FIRM platform remains aligned with evolving compliance standards and risk landscapes.
- CDT now has a unified platform that consolidates all risk-related data and compliance requirements, making it easier to manage and mitigate risks effectively.
- The ProVision FIRM solution has automated many of the previously manual processes, saving time and reducing the likelihood of human error.
- Real-time monitoring capabilities have enhanced CDT’s ability to quickly identify and respond to risks, thereby improving overall security and compliance postures.
- The solution has streamlined inter-agency coordination, as all departments now have access to a centralized risk management platform.
- CDT is better positioned to adapt to changing regulations and emerging risks, thanks to the flexibility and scalability of the ProVision FIRM platform.
Metropolitan Water District of Southern California
Cybersecurity Operations Center
Our Mission
The mission of the Metropolitan Water District of Southern California (MWDSC) is to provide its service area with adequate and reliable supplies of high-quality water to meet present and future needs in an environmentally and economically responsible way.
Role / Responsibility and Authority
Metropolitan is among the top two largest water utilities in U.S. territory and consists of 26 member agencies that include 14 cities, 11 municipal water districts, and one county water authority. MWDSC is responsible for safeguarding the water supply infrastructure, ensuring data integrity, and maintaining the security of its digital assets.
MWDSC recognized that not having a centralized Cybersecurity Operations Center (SOC) can pose several challenges, such as:
- Lack of Visibility
- Inadequate Incident Response
- Higher Risk of Data Breaches
1CSR was awarded the project to build the SOC, from the physical construction design through the operational and optimization level.
Key Steps:
- Budget and Approval: Our subject matter experts worked in conjunction with MWD stakeholders, vendors, and the procurement office to submit the request for budget. After presenting the project scope and objectives, we backed it up with facts by identifying the cost of implementing controls versus the cost of not implementing them.
- Design and Build: After approval, our next step was to design the SOC architecture and build teams.
- Implementation: Implement SOC processes and procedures to operate effectively.
- Monitoring and Analysis: Moving on to implement security monitoring and analysis tools to detect and respond to security incidents.
- Outsourcing: Next, we issued an RFP to outsource 24x7x365 Co-Managed Support Services.
- Refinement: Lastly, we continue testing and refining the SOC processes and procedures to ensure they are still relevant and effective.
The SOC provides numerous benefits for MWD, including:
- Early Detection: Early detection of security threats.
- Incident Response: Improved incident response capabilities.
- Reduced Downtime: Reduced downtime and business disruption.
- Enhanced Visibility: Enhanced visibility and control over the network.
- Compliance and Audit: Meeting compliance and audit requirements.
- Cost Savings: Long-term cost savings by preventing potential security incidents.
Metropolitan Water District of Southern California
Governance, Risk, and Compliance Program
Our Mission
The mission of the Metropolitan Water District of Southern California is to provide its service area with adequate and reliable supplies of high-quality water to meet present and future needs in an environmentally and economically responsible way.
Metropolitan is one of the largest water utilities in the U.S., consisting of 26 member agencies that include 14 cities, 11 municipal water districts, and one county water authority.
Metropolitan faces multiple challenges in ensuring the security and reliability of its operations:
- Lack of awareness and understanding of cybersecurity risks.
- Limited resources and budget constraints.
- Evolving cybersecurity and privacy regulations.
- Complex IT infrastructure and integration challenges.
- Third-party risks and supply chain vulnerabilities.
- Incident response and recovery preparedness.
- Need to maintain complete and current documentation of IT and OT operations (including policies, standards, and procedures).
To address these challenges, Metropolitan has implemented a multi-faceted Governance, Risk, and Compliance Program:
Cybersecurity Awareness: Conduct regular cybersecurity awareness training for all employees, including management, to educate them about potential risks, best practices, and their role in maintaining a secure IT environment.
Resource Allocation: Prioritize cybersecurity investments based on risk assessments and allocate resources accordingly. Consider leveraging cost-effective solutions such as cloud-based security services or outsourcing certain security functions to specialized third-party providers.
Regulatory Compliance: Establish a dedicated team or designate a cybersecurity officer responsible for monitoring and staying updated on current and impending cybersecurity and privacy mandates. Implement a process to assess the impact of new regulations on Metropolitan and develop plans to ensure compliance.
Infrastructure Security: Perform regular assessments of the IT infrastructure to identify vulnerabilities and areas requiring improvement. Implement strong access controls, network segmentation, and multi-factor authentication to enhance security. Use security frameworks and standards to guide the design and implementation of security controls.
Vendor Management: Establish a vendor management program that includes due diligence assessments of third-party vendors’ cybersecurity capabilities. Implement contractual clauses that require vendors to adhere to specific security standards and regularly report on their security posture. Monitor vendor activities and periodically review their compliance with contractual obligations.
Incident Response: Develop and regularly test an incident response plan that outlines roles, responsibilities, and procedures for responding to and recovering from cybersecurity incidents. Conduct tabletop exercises or simulated incident scenarios to evaluate the effectiveness of the plan. Establish partnerships with external incident response teams to ensure prompt and efficient response when needed.
Documentation and Policy Management:
A. Policy Framework: Create a structured framework that encompasses all aspects of IT and OT security, including policies, procedures, guidelines, and standards. Clearly define roles and responsibilities for security management and ensure that the documentation is regularly reviewed, updated, and communicated to relevant stakeholders.
B. Management System: Utilize a dedicated policy management system or a centralized documentation repository to store and manage security policies, procedures, and related documents. Ensure that the system is accessible, searchable, and includes version control capabilities.
C. Regular Audits: Establish a periodic review and audit process to assess the completeness, accuracy, and effectiveness of security policies and procedures. Engage internal or external experts to perform audits and ensure alignment with industry standards and best practices.
The Governance, Risk, and Compliance Program has yielded multiple benefits for Metropolitan:
Employee Awareness: Increased knowledge and awareness help employees make better decisions, recognize and report potential threats, and contribute to a culture of cybersecurity.
Resource Optimization: Optimal allocation of limited resources maximizes the effectiveness of security measures, improves risk mitigation capabilities, and reduces the likelihood of successful cyberattacks.
Regulatory Compliance: Proactive compliance with regulations helps avoid penalties, maintain customer trust, and protect the utility’s reputation. It also demonstrates a commitment to cybersecurity and privacy, enhancing customer confidence.
Infrastructure Security: A secure and well-integrated IT infrastructure reduces the likelihood of successful cyberattacks, protects sensitive data, and ensures the reliability and availability of critical systems.
Vendor Security: Effective third-party risk management mitigates the potential for supply chain attacks, protects sensitive data shared with vendors, and maintains the overall security of operations.
Incident Preparedness: A well-prepared incident response capability minimizes the impact of cyber incidents, reduces downtime, and facilitates swift recovery. It also demonstrates Metropolitan’s ability to handle incidents to stakeholders and regulatory authorities.
Documentation Benefits:
A. Clarity and Consistency: A well-documented security policy framework provides clear guidelines and expectations for employees and stakeholders, ensuring consistency in security practices.
B. Compliance and Accountability: Documented policies and procedures demonstrate compliance with industry standards and best practices, reducing the risk of penalties and regulatory issues.
C. Effective Decision-Making: Maintaining up-to-date documentation enables informed decision-making regarding security controls, incident response, and risk management.
By addressing these challenges effectively, Metropolitan has significantly enhanced its cybersecurity posture, ensuring the safe and reliable delivery of water to Southern California.
Metropolitan Water District of Southern California (MWDSC)
Project Management and Program Management
Bringing Water to Southern California: Our Mission
The mission of the Metropolitan Water District of Southern California (MWDSC) is to provide its service area with adequate and reliable supplies of high-quality water to meet present and future needs in an environmentally and economically responsible way.
Role / Responsibility and Authority
Metropolitan is the second-largest water utility in the U.S., serving a diverse community through its 26 member agencies, which include 14 cities, 11 municipal water districts, and one county water authority. As a leading authority in water management, MWDSC is responsible for the planning, development, and execution of complex water supply and infrastructure projects.
MWDSC allocates an annual budget of $349 million for various projects. The Project Management Office (PMO) plays a pivotal role in ensuring the successful execution of these high-volume and complex projects.
The challenge lies not only in providing the requisite professional services in project management, project controls, and administrative services but also in adapting to the organizational culture and deeply understanding the mission behind each project.
1CSR has been a trusted partner of MWDSC for five consecutive years, specializing in Project and Program Management. Our team has consistently demonstrated value by:
- Providing expert guidance, direction, and specialized assistance to Metropolitan’s managers for the resolution of complex project control issues.
- Leading the project control efforts, which include planning, scheduling, cost analysis, monitoring, and reporting for various programs and projects.
- Adapting to MWDSC’s unique organizational culture and aligning our services with their mission, thereby ensuring a seamless integration of our expertise into their operations.
The partnership with 1CSR has yielded significant benefits for MWDSC:
- Enhanced Project Efficiency: Through expert planning and scheduling, projects are completed on time and within budget.
- Cost Savings: Effective cost analysis and monitoring have led to more efficient use of the $349 million annual project budget.
- Alignment with Mission: 1CSR’s deep understanding of MWDSC’s mission ensures that all projects not only meet technical requirements but also contribute to long-term sustainability goals.
- Improved Reporting: Advanced monitoring and reporting mechanisms provide real-time insights, enabling better decision-making.
- Cultural Synergy: 1CSR’s ability to adapt to MWDSC’s organizational culture has fostered a strong, collaborative relationship, making ongoing and future projects more streamlined and effective.
Metropolitan Water District of Southern California
SIEM (Security Information and Event Management) Implementation
Our Mission
The mission of the Metropolitan Water District of Southern California (Metropolitan) is to provide its service area with adequate and reliable supplies of high-quality water to meet present and future needs in an environmentally and economically responsible way.
Role / Responsibility and Authority
Metropolitan is among the top two largest water utilities in U.S. territory. It consists of 26 member agencies that include 14 cities, 11 municipal water districts, and one county water authority. Metropolitan is responsible for ensuring the security, quality, and reliability of water supplies while also safeguarding critical infrastructure and data.
The Metropolitan Water District faces the daunting task of securing its vast and complex water supply network, which includes multiple data centers, control systems, and user environments. The challenge is to implement a robust Security Information and Event Management (SIEM) system that can provide real-time monitoring, threat detection, and rapid incident response across all operational areas. This is crucial for both compliance with regulatory standards and for ensuring the uninterrupted supply of high-quality water to millions of residents.
To address these challenges, a comprehensive SIEM solution was implemented with the following key components:
Initial Assessment: Conduct a thorough audit of existing security protocols, network configurations, and data flows.
Log Integration: Coordinate with various departments to ensure all system logs are integrated into the SIEM platform for real-time analysis.
Configuration & Tuning: Optimize the SIEM system to focus on key performance indicators and threat vectors specific to water utility infrastructure.
Training: Provide hands-on training to the internal security team for effective use and maintenance of the SIEM system.
Ongoing Support: Offer 24/7 support for incident response and system troubleshooting.
Compliance Reporting: Generate automated reports to ensure compliance with federal and state regulations related to water quality and infrastructure security.
Future-Proofing: Recommend and design a scalable architecture that can adapt to emerging threats and growing infrastructure needs.
By implementing the SIEM solution, Metropolitan has achieved the following benefits:
Enhanced Security: Real-time monitoring and alerts have significantly reduced the time to detect and respond to security incidents.
Regulatory Compliance: Automated reporting features ensure that Metropolitan is consistently in compliance with all relevant water quality and security regulations.
Operational Efficiency: The SIEM system has streamlined the process of data collection and analysis, freeing up staff to focus on other critical tasks.
Cost Savings: By proactively identifying and mitigating security risks, Metropolitan has avoided potential fines and reduced the costs associated with data breaches and system downtime.
Future Readiness: The scalable architecture ensures that the system can adapt to future challenges, safeguarding the water supply for years to come.
Metropolitan Water District of Southern California (MWDSC)
Cybersecurity Roadmap Development and Execution
Our Mission
The Metropolitan Water District of Southern California (MWDSC) is committed to providing its service area with adequate and reliable supplies of high-quality water to meet both present and future needs in an environmentally and economically responsible manner.
Role / Responsibility and Authority
As one of the top two largest water utilities in the U.S., Metropolitan comprises 26 member agencies, including 14 cities, 11 municipal water districts, and one county water authority. The organization is responsible for safeguarding critical water infrastructure and data, ensuring the uninterrupted supply of clean water to millions of residents.
In 2018, MWDSC established its Office of Cybersecurity for the first time as a dedicated unit to protect the organization’s critical infrastructure and data. The first Chief Information Security Officer (CISO) was hired with the mandate to build a specialized team, centralize cybersecurity operations, and formulate comprehensive policies. The challenge lay in creating a detailed cybersecurity roadmap that would serve as a strategic guide for enhancing the organization’s overall security posture.
Newly appointed CISO, Jake Margolis, engaged his trusted vendor community to support the monumental task ahead—orchestrating the Office of Cybersecurity. 1CSR was selected for its expertise and proven track record to design and implement the cybersecurity roadmap.
1CSR’s Seven-Step Approach:
- Define Goals: Establish clear objectives aligned with MWDSC’s mission and operational needs.
- Assess Current Posture: Conduct a thorough evaluation of existing security measures and infrastructure.
- Identify Risks: Pinpoint vulnerabilities, potential threats, and areas of improvement.
- Prioritize Initiatives: Rank identified risks and initiatives based on impact and feasibility.
- Create Plan of Action: Develop a detailed action plan, complete with timelines, resources, and KPIs.
- Implement Plan: Execute the action plan, ensuring alignment with organizational goals and compliance standards.
- Monitor and Evaluate Progress: Continuously track key metrics, making adjustments as necessary to optimize outcomes.
1CSR delivered a comprehensive cybersecurity roadmap that serves as a strategic blueprint for MWDSC’s cybersecurity initiatives. The benefits realized include:
- Improved Security Posture: Enhanced protection against a wide range of cyber threats.
- Increased Resilience: Strengthened ability to recover from cyber incidents.
- Compliance Readiness: Ensured alignment with industry regulations and standards.
- Budget Planning: Provided a structured framework for allocating resources effectively.
- Increased Awareness and Communication: Elevated cybersecurity awareness across the organization, fostering a culture of shared responsibility.
- Modernized Tools and Processes: Updated and streamlined cybersecurity tools and operational processes.
- Strengthened Teams and Partnerships: Built stronger internal teams and external partnerships, enhancing collective cybersecurity capabilities.