Penetration Testing & Ethical Hacking
PwC’s penetration testing team performs infrastructure and application penetration testing that focuses on identifying and validating vulnerabilities associated with critical infrastructure and business applications, both internal and external facing.
Case: cybercrime is rapidly evolving (according to a recent survey of leading analysts). Hackers exist both outside and inside the Company. “Probing” as well as “hacking” of the Company’s information resources is likely, as autonomous viruses can perform such unauthorized activities.
Our services include:
- Comprehensive infrastructure penetration testing
- Website security testing procedures
- Black-box and white-box approach
- Red teaming
- Recommendations on mitigating known security vulnerabilities.
Result: decreased risk of loss or theft of information through remediation of IT infrastructure weaknesses.
Cyber Security Consulting
How to operate securely in the cyber environment or to make sure technology investments are adequately protected. As organisations seek to provide more efficient services to customers and the use of online services increases, so does the scale and sophistication of cyber-attacks. This team helps our clients understand the nature of these attacks and the impact on their business, identifying their security risks and planning effective ways to address them. Similarly, as expenditure on technology increases, we help organisations understand the risks associated with this investment and work with them to identify the right controls to mitigate these risks and deliver a successful outcome.
Threat and Vulnerability Management
PwC’s threat and vulnerability management team is dedicated to the critical task of protecting the enterprise. The activities in this area range from traditional firewall and host security mechanisms to dealing with the increased security risks that are an outgrowth of ever-expanding network infrastructures.
Case: The Company is unaware that an attack on critical company resources is in progress or has already occurred.
Our services include:
- Intrusion monitoring
- Malicious program detection
- Security information management
- Threat management
- Vulnerability management
- Incident response
- Asset management
Result: decreased risk of serious Information Security incidents and improved control over and security of critical information resources.
Forensic Technology Solutions
The world grows more complex, data-saturated and multipolar by the minute — with fraud, corruption, regulations and enforcement all growing. At the same time, organizations' critical information is exchanged and stored in increasingly decentralized ways — from computers and servers to mobile devices, cloud storage, enormous datasets from (international) financial institutions and the Internet of Things.
This explosion of data creates significant risks. So ask yourself: when critical issues arise — and time is of the essence — could you quickly collect and analyse current and historical data to resolve the situation?
We support our clients both here and across the globe. Every day PwC's Data Scientists and Computer Forensics professionals help our clients navigate the legal and business processes mandated by critical events — such as disputes, enforcement matters, cyber breaches, investigations, litigation and whistleblower allegations. We help our clients plan for and anticipate expectations, garner insight from their data using the latest data analytic tools — and make informed decisions under pressure. That’s how we provide clarity and confidence in crisis.
Information Security Architecture
Information security architecture describes all aspects of the system that relate to security, including the set of underlying principles that guide the design.
Case: The existence of anti-virus software and corporate network firewalls in the Company’s IT environment does not address all the risks of Information Security.
Our services include:
- Enterprise requirements analysis and prioritization
- IT security reference architecture
- Common security services infrastructure
- Security implementation methodology or software development lifecycle (SDLC) and code review.
Result: reduced Information Security risks relevant to the Company’s IT infrastructure and comprehensive management of Information Security risks.
Identity & Access Management
Our best-in-class identity team focuses on IAM-related challenges, such as: secure transactions, personalised engagement, seamless customer experiences, trusted access and smart authentication.
We provide solutions for all the identity and access management (IAM) challenges for online business, such as: secure transactions, personalised engagement, seamless customer experiences, trusted access, smart authentication and cost-efficient access risk management. Our IAM specialists help our customers by optimizing their access and control processes and implementing technical solutions which ensure that only authorised persons have access to the relevant information. End-user exposure to security threats is growing and enterprises are increasingly breached. This threatens online business growth and requires identity solutions that are able to provide strong security while ensuring ease of use and low-threshold access.
Privacy and Data Protection
Companies face a growing patchwork of new data protection and privacy laws in different territories (particularly the EU). When leaders can expertly determine how to collect, use, and destroy data, they can see safer and more effective ways to use it to create value. Our privacy team helps to craft a privacy program that can enhance customer trust and compliance with global data-privacy regulations.
Getting privacy in order for the General Data Protection Regulation (GDPR)
Finding the right balance between using personal data and protecting privacy is one of the biggest challenges of the digital age. All organisations that process personal data within the European Union will have to deal with new rules, including those provided in the General Data Protection Regulation (GDPR).
The European Commission will be enforcing the GDPR with effect from 25 May 2018. From that date on, all existing regulations in the EU will be centralised and updated for the digital era. The GDPR, which will also have a legal effect outside the EU, will make EU data protection rules uniform. The GDPR contains significant and new requirements regarding the management of personal data and how such data is used, collected, stored, and shared. The rules will apply to all parties who are responsible for managing and processing data in the EU.
Our privacy professionals assist organisations with the required technical, organisational, and legal skills. We offer a standard approach with proven methods for assessing the degree to which companies are prepared for the GDPR and which measures companies will need to take.
Due to the changes at our clients, the demand for risk mitigation is growing. Digital transformation is only successful when it is trusted by our clients' clients, the board of directors and politicians. Risk mitigation can help our clients to deal with their new reality and digital ambitions, helping them to manage risks during their transformations, both in their front and back office processes. Risk mitigation as 'enabler'!
Case: A client has doubts whether his new IT Strategy is the right one.
Our services include:
- Second / expert opinions
- Conducting risk assessment
- Project reviews
- Assessment of compliance with regulation
- Board advisory