At PwC, our advice is always independent; we sell no product, we gain nothing by driving technology implementations and we stand to lose trust if we do not speak truthfully and practically.
We make sure to advise you on the best course of action to meet your objectives, no what is fashionable right now.
Virtual CSO services
The Virtual CSO services assists you in managing your business risks with the right balance of experience, skill and knowledge of your business.
We work with you to be your “vCSO” therefore allowing you the freedom to focus on your core business. This is a long term approach where we provide the best fit skillset to work with your risk and security needs. This means you don’t have to explain what you are doing time and time again, we know, and we are with you to make it happen. From day to day decision making to strategic planning and input to IT strategy and investments we work as part of your team and lead by example, hoping to inspire others to follow.
ISSP and Security plans
ISSP and Security plans assists you in defining, or refining, a strategy.
We will work with you to input current thinking, global trends and local experience to ensure your future planning utilises the best of global security thinking implemented in the local environment. This can take the form of working with you an existing plan to realise it, helping to develop the security aspects of the ISSP from current business requirements or simply providing independent advice to guide the preparation and execution of an ISSP.
Security project support
Security project support services monitors technical accuracy, implementation accuracy and least-risk execution. This ranges from simply working with your team to actively managing projects and larger programmes of IT security work.
Our unique blend of technical skills married to project management expertise allows us to take a pragmatic and active view on ensuring the project aligns with prudent practice and also meets the business objectives.
Security architecture
Security architecture through applying pragmatic approaches to moulding accepted and documented ‘architectures’ into organisational cultures.
We understand that architectures vary from client to client and can bring to bear a myriad of experience in the most practical and prudent way to assist or develop your own security architecture.
Security and network design
Security and network design be it through supporting your internal resources or independently. This can be from inception, planning and requirements through to detailed design and deployment phases.
Our NZ based PwC Security team has a strong local track record of delivering detailed security implementations. Examples include:
- re-work and redeployment of email, proxy, DNS and NTP systems;
- design & deployment of SSL VPN RAS solutions;
- array of boundary security projects including implementations of up to 30 Firewall clusters in a complex operational environment.
Our unique approach means we employ our previous experiences in the security management space to work with you and ensure the designed systems can be managed cost effectively and with a manageable risk profile.
You can build anything but can you manage it?
Application security design and QA
Application security design and QA to support the lifecycle of legacy applications through to greenfields design projects we have delivered targeted security design and QA of applications.
Recent examples include:
- complete reverse engineering of an existing application and a complete set of as-built documents created for management reference;
- requirements definition and full detailed design process for a digital signing application.
Security Testing and QA
Security Testing and QA can be utilised in scheduled risk management programs or as part of a project process.
This type of testing uses real-world techniques to simulate the types of attacks systems can be exposed to both inside and outside of an organisation. With the advent of broader access mechanisms and more focus on exposing business assets to users outside the physical bounds of an organisation this type of testing can quickly be used to assess the relative risk level. Our approaches vary depending on the required outcomes but generally cover the underlying infrastructure right through to manipulating and manual attacking of applications.
All of our security and penetration testing is done in a structured manner, and utilises our proven methodology.
IT Security operations and management support, advice and review
Our team holds extensive background and experience in the operational security management arena.
Our approach to operations is to try and make things simple. Simplicity generally results in lower risk and higher comfort that systems are operating in the expected manner.
Security management can be an area fraught with tools, methodologies and complex outputs. Our history shows that we can find the best balance between your needs and practical solutions to these.
Mentoring and secondments
Mentoring and secondments are pivotal to our development of our PwC Security group.
Working in industry keeps our skills relevant in the marketplace. Seconding one of our team into your organisation for a period of time can provide an enormous benefit in terms of technical skill-sets and ‘different’ experiences which cross-pollinate through your team.
This information flow works both ways and our presence on the marketplace and active participation in deployments and operational management mean you get real experience, not white-paper experience.