Incident and threat management

Breach Indicator Assessment

Your challenges
  • Are you sure that your company is currently not under attack or that you have not been compromised?
  • Are you looking for an out-of-the-box solution to pro-actively identify indicators of malicious activities, and have a chance to stop attacks at an early stage?
  • Do you want to gain awareness of your network and system topologies?
What does it include
  • Our BIA framework provides detailed analysis of your network infrastructure to identify potentially compromised systems;
  • Our proprietary collection script has been built to fit industry requirements and expectations; it has no impact on production capabilities and does not require any installation.
Key benefits
  • Prevent your data from being stolen and protect your environment against security breaches.

Incident Management

Your challenges
  • Are you willing to strengthen your organisation’s ability to detect, respond to and recover from security incidents?
  • Do you need immediate assistance to respond to a serious incident?
What does it include
  • Definition of a full incident management framework (policies and procedures) covering the entire incident lifecycle: incident detection, classification, response and recovery;
  • Definition of incident response playbooks which describe the actions to be taken for each type of common incident;
  • Assessment of your organisation’s incident response management capabilities;
  • Assistance in responding to major security incidents;
  • Assistance in managing public relations (e.g. with the media) and reporting incidents to national authorities (e.g. CNPD);
  • Specialist training for incident response teams.
Key benefits
  • Reducing the financial, reputational and legal impact of security incidents.


Your challenges
  • Do you have suspicions of unusual user activity?
  • Do you need to investigate into the causes of a security incident?
  • Do you need evidence for the establishment, exercise or defence of legal claims?
What does it include
  • Forensic analytics and digital investigation into unusual behaviours, etc.;
  • eDiscovery: review of unstructured and structured data;
  • Compliance audit and reporting to authorities;
  • Assistance in conducting interviews with suspects;
  • Assistance in court / disputes and claims;
  • Information integrity checks (e.g., modification of security logs).
Key benefits
  • Experienced technology experts with internationally-renowned certifications (Certified Forensic Examiners/Analysts (SANS FOR508 and FOR500);
  • Our team relies on certified forensics tools (Cellebrite, etc.);
  • Our reports can serve as evidence in court.

Crisis management team exercise & training

Your challenges
  • Deliver the exercise starting by a rapid briefing meeting and longer debriefing meeting with PwC experts.
What does it include
  • On the day of the event, the Company will be in charge of arranging and coordinating the attendance at the exercise by having appropriate personnel in our PwC Experience Center or their premises;
  • Upon arrival, the participants will be briefed by our facilitators on the play rules;
  • Our facilitators will frame the agreed exercises while capturing observations and learning points, which will support the debriefing afterwards. They will also perform an ongoing adjustment should the participants be blocked at some point;
  • The session will be facilitated by at least 2 PwC experts and will be observed by our communication expert in a separated room. Other experts (e.g. cameraman, producer PwC experience center staff, …) will only be there in shadow.
Key benefits
  • Facilitation of the exercises including advice and guidance relating to crisis management and business continuity.

Vulnerability management

Your challenges
  • Are you aware of the vulnerabilities of your information systems and how critical they are?
  • Are you managing vulnerabilities in compliance with the latest regulations (e.g., CSSF Circular 17/655)?
  • Have you already assessed the effectiveness of your patch and vulnerability management processes?
  • Do you want to evaluate your exposure to the latest vulnerabilities?
What does it include
  • Regular scans of your externally exposed systems and internal infrastructure, performed either remotely or using a stand-alone system;
  • Remediation actions tailored to your context.
Key benefits
  • Reduced risk of attacks exploiting known vulnerabilities (e.g. WannyCry);
  • Standardised level of technical security across the organisation;
  • Scanned data remains in our Luxembourg-based data centre.

CSIRT (Computer Security Incident Response Team)

Your challenges

  • Do you know how to react to an IT incident?
  • Have you recently lost important data or been victim of a leak?
  • Have you noticed suspicious activity on your network?
  • Have you been targeted by an advanced cyberattack?
  • Do you have an emergency recovery plan?
  • Do you need to conduct a digital investigation?

What does it include?

  • Develop and execute an incident response plan
  • Coordination and communication
  • Aligned with business departments whenever fraud is detected
  • Lessons learned, roadmap, executive workshops
  • Identification and triage if required
  • Containment of the incident perimeter
  • Information collection
  • Root-cause analysis
  • Eradication
  • List/overview of all actions taken
  • Evidence collection
  • Malware analysis
  • Reverse engineering of malicious code
  • Exhaustive reporting in compliance with legal requirements
  •  Fraud investigation

Key benefits

  • We help you adapt your structure and procedures and be ready to handle IT incidents
  • We help you prepare against potential incidents but also provide support in handling an ongoing cyber-crisis
  • We have the expertise required to investigate technically advanced cyberattacks, to properly handle and document digital evidence and to help your business recover as quickly as possible

Contact us

Koen Maris

Advisory Partner, Cybersecurity & Privacy Leader, PwC Luxembourg

Tel: +352 49 48 48 2096

Stay Connected:

Required fields are marked with an asterisk(*)

Please select the cybersecurity service(s) you are interested in and would like to discuss further

Please select the privacy service(s) you are interested in and would like to discuss further:

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.