Академический Документы
Профессиональный Документы
Культура Документы
ru/riskassurance
PwC
Setting direction
Security
Management
Responding to major
incidents
Business Continuity assessment
services, BCM review
and design, DR Planning review.
Managing incidents
Incident response process review and
design, incident response services,
forensic investigation and readiness.
Business
Continuity and
DR Planning
Governance,
risk and
compliance
People
Process
Technology
Incident
Response and
Forensic
Investigation
Threat and
Vulnerability
Assessment
Architecture,
Applications and
Network Security
Creating a sound
framework of control
Risk, policy, standards review and
development, ISO and regulatory
compliance review, privacy review and
design, awareness raising, training.
Indentifying and
remediating information
risk
Vulnerability scanning, penetration
testing, vulnerability remediation,
patch management, threat
monitoring, open source
monitoring, content monitoring.
PwC
Security Management
Case study
PwC is able to leverage its broad experience and deep specialists skills
to assist clients with:
The client was in constant fire fighting mode and had suffered
several high profile data breaches. The business units were very
siloed and were not aware of key projects or initiatives that could
impact them.
Organisational reviews
Security metrics design
Management reporting design
PwCs Approach:
SecurityATLAS
Leadership
Information
Protection
Architecture
Alignment
Governance
Identity
Management
Physical
Security and
Investigations
Threat and
Vulnerability
Management
Awareness
and
Education
Privacy and
Data
Protection
Service Delivery
PwC
Case study
PwC
Case study
PwCs Approach:
PwC conducted a baseline review of the clients current
information risk management capabilities.
PwC identified the key information risks that the client faced and
the maturity of the clients capabilities to manage these risks.
PwC performed a detailed analysis of the maturity of the clients
capabilities and provided detailed recommendations to enhance
the clients information risk management framework.
PwC
Case study
PwCs Approach:
PwC helped the client design a buy vs build assessment to
compare their existing recertification platform to vendor products.
Legacy
Legacy N
Periodic
Recertification
Access and
entitlement data sorted
using User rather
than Application
Access and
entitlement data
consolidated
in a central repository
App 1
Provisioning
Infrastructure
Self
Service/Automated
Provisioning
Provisioning performed
by the
Centralised/Offshore
Security Administration
Group
PwC
Role-based
provisioning
Legacy
provisioning
User B
Exception reports
(Toxic Combinations,
leavers, movers) for
action
Organisation Chart
Leavers
& movers
feed
Director
(Equity Derivatives
)
App N
HR database
Identity
store
FO Equity
Derivatives
Manager
1. User A
2. User B
3. User C
BO Finance&
Control Manager
1. User B
2. User E
3. User F
Recertification performed
by Line
Manager
Case study
As a result of the loss of two discs containing child benefit data, the
client commissioned a public review. The terms of reference of
this review were to establish the circumstances that led to the
significant loss of confidential personal data on child benefit
recipients.
PwCs Approach:
The PwC engagement incorporated the following phases: a forensic
investigation, a review of policies and procedures, and a series of
recommendations.
The forensic investigation focused on establishing the facts leading
to the loss of confidential data.
The policies and procedures review focused on the adequacy of
existing policies and procedures.
Finally the review incorporated a detailed series of
recommendations including the setting of information security
targets in line with ISO 27001.
PwC
Case study
PwCs Approach:
Vulnerability remediation
PwC
10
Contact details
Michael Hurle
Partner
Tel.:+7 (495) 223 5039
michael.hurle@ru.pwc.com
Chris Gould
Partner
Tel.: 7 (495) 232 5438
christopher.gould@ru.pwc.com
PwC
PwC Russia (www.pwc.ru) provides industry-focused assurance, tax, legal and advisory services. Over 2,600 professionals working in PwC offices in Moscow, St Petersburg, Ekaterinburg, Kazan, Novosibirsk,
Rostov-on-Don, Krasnodar, Voronezh, Yuzhno- Sakhalinsk and Vladikavkaz share their thinking, experience and solutions to develop fresh perspectives and practical advice for our clients. The global network of
PwC firms brings together more than 184,000 people in 157 countries.
2014 PricewaterhouseCoopers Russia B.V. All rights reserved.
PwC refers to PricewaterhouseCoopers Russia B.V. or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate legal entity.