The European Organisation for Research and Treatment of Cancer (EORTC) is Europe’s leading cancer clinical research organization. EORTC conducts leading clinical research to understand why cancers develop and evaluates and compares the most effective treatment options to improve the survival and quality of life of cancer patients in more than 730 university hospitals and cancer centers in 48 countries.
To assess and improve the organization’s security posture.
The Advantio Capability Maturity Assessment (ACMA) provided critical visibility to help the client enhance its security posture.
The EORTC operates in a highly regulated market where clinical trial data is collected in large quantities. Organizations face significant fines for failing to fulfill their data protection obligations for all sensitive and personal data protected under the EU-wide GDPR. Given the cutting-edge therapies, treatments, and drugs the EORTC is also involved in trialing and developing, and the IP flowing through its IT systems, it can be a prime target for threat actors. These could be financially motivated cyber-criminals or even nation-state operatives looking to gain an advantage.
Other cyber-risks stem from the large ecosystem of third-party partners the EORTC works with, including clinicians/doctors, hospitals, researchers, and pharmaceutical companies, among others. These collectively represent a significant supply chain risk.
– Pascal Ruyskart
Head of the EORTC Information Technology department
Developed by Advantio, the ACMA is a framework for assessing security posture which allows organizations to make strategic risk-based decisions about where to target their investments. It focuses on internal policies, external standards, and compliance.
The ACMA’s holistic methodology focuses on IT and cybersecurity business functions, enabling organizations to:
Advantio was engaged to perform its ACMA on the EORTC’s IT department. This was done in two separate stages, between July and August 2019. First, an onsite assessment rated the maturity of the EORTC’s processes and related adoption. Next, a black box penetration test was performed on its external web-facing applications.
Thanks to a comprehensive ACMA, Advantio was able to provide the EORTC with a full maturity assessment report and maturity score. This gave the customer a good sense of which security gaps needed filling. An implementation plan with timelines and costings provided more information on how the EORTC could go about putting these changes into practice.
In the end, the EORTC was able to gain invaluable awareness of the level of cyber risk facing the organization and its industry peers. With this visibility and a concrete action plan, it was able to take practical steps to improve its cybersecurity operations and build more rigorous defenses against commodity attacks. The organization is now in a much stronger position from a security posture perspective than it was pre-ACMA.