Risk and Opportunity Assessment
We work with organisations to assess the likelihood of a security incident and the true consequence to the organisation should one occur. We will help you identify the information assets that really matter to you and will help you through the process of selecting appropriate security controls that maximise their protection and your digital opportunities.
Certification and Accreditations
We measure the effectiveness of an organisation’s security controls and processes against an agreed standard, providing a level of assurance to the information owner that a system can be accredited for use.
IT Health Checks
We perform regular health checks of an agreed set of security controls and processes to measure their ability to manage risk. We then track this effectiveness over time, allowing us to work with organisations to define and track a security-improvement programme.
Security Incident Management
PwC is uniquely positioned to help you rapidly respond to, investigate and remediate security incidents. We help to identify the source, location and nature of the incident, assess the business risk and customer impact, and provide assistance to remediate vulnerabilities to minimise the impact and to prevent future occurrences. What sets us apart is our ability to combine technical skills and business strategies to protect your brand value.
Security Training and Awareness
We work with organisations to create and deliver (where required) security awareness training tailored to the roles within that company or department. Our security-awareness training considers the current threat landscape and we perform real-world testing to help organisations measure the effectiveness of the education.
Privacy
The management, maintenance and preservation of privacy is a fundamental component of establishing and maintaining trust. We provide support across all stages of the privacy lifecycle – from the privacy strategy, governance structure, information inventory, processes and privacy framework. Through this methodology, we can assess the privacy environment in terms of maturity and regulatory requirements, safeguards and the information protection culture to identify control gaps and benchmark results.
Virtual CSO/Security Co-source Partnership
We can work with you to be your virtual security capability, either through a co-source partnership or access to dedicated, experienced security resources. This is a longer-term approach where we provide the best skills to help you manage you risk, allowing you to focus on your business. We work with you to understand your organisation and work as part of your internal team to provide pragmatic security advice and guidance on what will work and won’t for your organisation.
Strategy and Governance
We can assist you in defining or refining a strategy based on your level of risk and how to you want it to be managed. Examples of this include implementing an uplift in security capability. We work with you to understand the level of capability needed, then co-create your strategy and work with you through to execution. Our process includes ensuring that the realisation of the strategy is sustainable by making sure the most appropriate governance is in place to support the uplift.
System Architecture Design and Build
We can augment your existing team to assist the development and design of systems and networks. Ranging from project inception and planning through to detailed design and implementation, we can work with you and employ our previous experiences in security design, deployment and operational management so that any design is practical and able to be cost-effectively managed in line with your risk profile.
Testing etc. VA, Red Teaming
The PwC Red Team can assist you in understanding your exposure to threat actors. We deliver specialised vulnerability assessment and penetration tests across a range of technologies – including mobile, web and embedded (IoT) devices. We can help challenge current perspectives on who might target your systems, services and information, as well guiding the process to manage and address vulnerabilities.
Identity and Access Management
Emerging technologies such as cloud computing, mobile, social networks, Big Data and AI expand the way enterprises do business, and interact with stakeholders including customers, employees and business partners in the digital world. Enabling business agility while securing the critical identity data has become more challenging.
Identity and Access Management (IAM) refers to a set of business processes and supporting technologies that enable the creation, maintenance, and use of digital identities within an organisation. The impact of IAM on user communities, application portfolios, and information resources is extensive. IAM services are enabled through governance, people, process and technology. Our Cyber team includes identity specialists with international experience in delivering the IAM capabilities from strategy through to execution and operation.