Global Information Technology


February 24, 2014

Cyber Security and the Internet of Everything

Over the past decade, as more and more of us turn to the Internet to do business, so have cyber criminals. Managing the onslaught of cyber threats has become a full-time job. West recognizes the importance of a sound strategy for addressing cyber security to ensure we are making the right investments to protect our information assets, our personally identifiable information, and our reputation from attacks.

West has taken a risk-based approach to determine the greatest information threats and vulnerabilities facing our business and to ensure we have secure communication with our business partners. Our IT security investments will help us to achieve our primary goals, which are to improve our resilience to cyber attacks as well as to raise awareness and response to these threats. Through the formation of a Global Security Council, comprised of colleagues across the West organization, we are developing a governance model to ensure our information assets are safe and reliable.

A key outcome of this strategy is our investment roadmap, which incorporates a combination of technical and organizational controls that span the breadth of our global business. We asked questions such as, “What business processes and workflows are most vulnerable to attack?” “How can we ensure that our networked applications communicate only with trusted, verified partner applications?” and “How can we ensure that confidential information can be exchanged over email or Internet-based services with reasonable assurance that it won’t be intercepted and disclosed to an unauthorized party?”

The answers to these questions led us to develop a series of security awareness communications along with technical measures such as strengthening servers and deploying encryption technology. We are also incorporating organizational measures such as developing and enforcing security policies and auditing and monitoring network activities. To achieve this, we are organizing the program into three broad categories:
• Review of business processes and workflows
• Review of technical infrastructure
• Definition of security policies and procedures
Addressing all three enables us to achieve both the technical and organizational aspects of our cyber security strategy.

At West, we realize that we will not be able to protect our information assets, our employees and our customers over the long term without taking a holistic approach to evolving cyber risks and threats, enabling us to be by your side in the digital world.