Ibrahim Diagana

OECD IAE

Project: Support for the implementation of the risk management framework and the definition of associated processes.

Phase 1: Identification of the value chain (through workshop facilitation)

- Define an impact and vulnerability matrix

- Identify assets

- Evaluate the impacts of dreaded events and security needs

- Define risks

Phase 2: Strengthening the information system security framework

- Establish risk governance

- Describe stakeholder roles and responsibilities

- Formalize project security concepts and establish a security overview

Phase 3: Adding security controls to the ISS framework

- Establish best practices and usage (email included) in the workplace for employees

- Establish third-party management processes

- Establish incident management processes

Project: Assistance to the CACIB CISO in the implementation and management of IT security

- Drafting of the approval procedure for essential applications

- Construction of the ransomware attack response process and collection of related operational procedures (Project be Robust - Enhanced reconstruction)

- Creation and updating of the monitoring dashboard for internet-exposed applications

- Creation and updating of the monitoring dashboard for security non-compliance of the CASA PC and server fleet

- Monitoring of non-compliance remediation actions

- Participation in various cybersecurity-related committees

Project: Definition of the Identity and Access Management policy for the Allianz Partners group and harmonization of practices within the various subsidiaries (29 entities)

- Clarification of IAM governance

- Definition and harmonization of IAM processes within the group's different entities (joiners/movers/leavers)

- Development of training materials and facilitation of training sessions on the group's IAM procedures for BU Managers

- Review of critical application authorizations in several waves (142 applications reviewed in 2021, in 2 successive campaigns):

o Coordination of Business Application Owners

o Collection and analysis of review evidence

o Weekly reporting to the group CISO

- Coordination of technical project managers and progress monitoring of various IAM projects (restructuring of local Active Directories / cleanup of service accounts / implementation of a new interface between the identity management tool – GIAM and the various HR tools)

- Implementation and monitoring of monthly IAM KPIs and reporting to the IAM steering committee composed of the group CISO, group CIO, and IAM project managers.