6
Culture, training and awareness
Vodafone Group Plc Cyber Security Factsheet 2024
Introduction
Strategy
Risk management
Our operating model
Threats and incidents
Compliance
Operating model
Our approach to cyber security We have implemented a globally consistent cyber security operating model that is based on the leading industry security standards published by the US National Institute of Standards and Technology (‘NIST’). The model is designed to reduce risk by constantly identifying threats, protecting, defending and improving our security. We operate cyber capabilities with an in-house international team of over 900 1 employees. We augment our internal capabilities where necessary with third-party specialist technical expertise, such as digital forensics, red teaming and penetration testing. We use specialist resources to perform testing of our telecommunications networks. We also use qualified external resources to help during the implementation of change and improvement projects. Our scale means we benefit from global collaboration, technology sharing and deep expertise, and ultimately have greater visibility of emerging threats. An example would be our global security operations centre which takes inputs and telemetry from all the markets where we operate. Cyber security function Team Responsibilities Governance, Risk and Control – Cyber risk framework and management across the Group. – Define and track adoption of controls and procedures, and measure effectiveness. – Identify and reduce supplier cyber risk. Strategy and Secure by Design – Define cyber strategy aligned to technology and Company strategies. – Products, services and internal systems are secure by design. Cyber Prevent – Engineer, deliver and operate global security platforms, driving continuous improvement. Cyber Defence – Perform threat intelligence and security testing. Detect events and attacks through 24/7 monitoring. – Respond to events and incidents to minimise the impact to business and customers. Local Market Teams – Responsible for managing and embedding cyber security in our local markets, including meeting local cyber regulatory and compliance requirements.
Our approach to cyber security is summarised in the following diagram and the accompanying video linked below. In the video, cyber security experts from across teams in the cyber security function explain our approach across the lifecycle: identify, protect, detect, respond, recover and govern.
R i
Measure & Assess Risk
Set Policy & Select Controls
l
Risk & Threat-based Security
Deploy controls, Maintain Systems
Monitor & Respond to events
y
P
Scan or click to watch our cyber security experts summarise our approach to cyber security: investors.vodafone.com/videos
Powered by FlippingBook