A media corporation looking to digitize securely
A media corporation company with a vision to become a leading content and service provider serving global Chinese communities. Its principal activities comprise Media and Media-related operations including Newspapers, Magazines, Recruitment Media, Books and Content Services.
The company brand dates back to 1938 when the daily newspaper of the same title was launched in Hong Kong. Over the years, it has become recognized as a global name in the print media market. Leveraging on the strength of the brand, the Group’s business has extended to a comprehensive portfolio ranging from free newspapers to magazines and electronic media. Based in Hong Kong and with a business network covering major cities of the PRC, the US, Canada, Europe and Australia, the Group employs around 1,500 staff worldwide.
Headquartered in Hong Kong, it is also available in 16 overseas editions sold in over 100 cities worldwide. Since 2005, the Group has established for itself a leadership position in Hong Kong’s free newspaper market.
At a Glance
Development and Integration
found in
staff force
What brings them to MXC
As a newspaper and magazines company, the trend of these media start to digitalize back in 2000. As more customer base start to view their content using applications instead of buy hard-copy of the contents, the company start getting more application developments throughout these years.
Just like other non-IT company, since information technology (I.T.) is not their core business and therefore, cyber-security risks always has been overlooked until recently. Since most of the newspaper and magazines content were started to digitalized, which means their most valuable content have chance to exposed to the web. As they does not have a security control, security checklists or coding guidelines when developing their applications, the security awareness across the employees and application quality can be various. In the worst scenario, a production application can be at risk without even knowing.
Challenges
- Lack of security awareness across the company throughout the development cycle. As the result, the developed applications could be no security controls to protect their most valuable thing.
- Since they does not have a development life cycle defined, no guidelines to help I.T. department to align the security controls throughout the department, therefore these factors lead to the application security quality could be various with different PM. These could bring more cost and time when vulnerabilities found in later stage of development cycle.
- These also lead to either development cannot meet the schedule or go-live with risks.
Results
Maximus or MXC CSS team was appointed as their Secure Software Development Life Cycle (SSDLC) trainer in order to improve their security awareness and adding security elements throughout their development life cycle.
Help them to brainstorm the security controls throughout the I.T. department and the development cycle which able to adopt into their company.
As the result, the training can align the security awareness across the team, develop their own SSDLC to improve the effectiveness of their ability to produce a more secured application throughout the cycle.