Strategy and transformation
Cyber assurance/attestation
Your challenges
- Is the business resilient to a cyber attack?
- Which threats should you be the most concerned about?
- Are there gaps in your cybersecurity capabilities?
- Do you have the right controls in place to detect key risks?
- Are we investing in the right areas?
What does it include
- Readiness assessment of your Cybersecurity Risk Management Program;
- Remediation assistance;
- Support in the report preparation and writing;
- Cybersecurity controls testing.
Key benefits
- Enhance brand and reputation;
- Provide transparency;
- Assess program effectiveness;
- Reduce communication and compliance burdens;
- Allow flexibility in reporting.
Cybersecurity transformation
Your challenges
- Do you want to undertake a comprehensive security assessment of your organisation?
- Do you want to identify technical and organisational weaknesses?
- Do you want to define an information security strategy aligned with your business objectives?
- Do you want to achieve a security posture aligned to your security risks and objectives?
What does it include
- Full assessment of your Cybersecurity maturity against PwC’s Cybersecurity framework;
- Support in the definition of a security strategy to reach a security maturity level aligned to your expectations;
- Roadmap to achieve this strategy, with detailed project sheets.
Key benefits
- Cybersecurity strategy and objectives defined, aligned with business objectives and security initiatives; identified, prioritised, planned and explained to achieve these objectives.
Information Security Risk Management
Your challenges
- Do you have a clear understanding of the risks impacting your data?
- Do you regularly monitor risks to ensure your protective measures remain appropriate and adapted to the threats you face?
- Are you aware of new risks arising from changes to your environment or external threats?
- Are your risk management activities compliant with the latest regulations (e.g. GDPR, CSSF, etc.)?
What does it include
- Outsourced risk management service that includes risk identification, assessment and reporting, run by our information security experts;
- Risk assessments tailored to your context and information systems;
- Assistance in developing risk treatment plans;
- Access to a web-based risk management tool (MONARC), which includes a central risk register.
Key benefits
- Timely access to threat intelligence feeds;
- Risk management informed by technical expertise;
- Standardised approach to risk management across the organisation.
Information Security Management System assessment & implementation
Your challenges
- Do you want to have a detailed analysis of the gaps between your current security practices and best practices (ISO27001, ISO27002)?
- Do you want to become compliant or certified with an internationally recognised security standard by implementing n Information Security Management System (ISMS)?
What does it include
An in-depth transformation process in three key phases:
- Gap analysis of the current situation;
- Implementation of the ISMS based on the tailored recommendations provided in the first phase;
- Preparation for the certification, white audit and support to prepare documents and evidence for the auditors.
Each phase can be selected individually depending on your needs.
Key benefits
- Detailed list of gaps and recommendations to achieve best practices;
- Support for the development of security documentation and governance required for an ISMS;
- Support for the deployment of security controls and procedures.
Network and Information Systems (NIS) Directive
Your challenges
- Do you have a clear picture of your business’s priority operational and cyber risks?
- Are you able to demonstrate compliance with the NIS Directive?
- Are you aware of the significant fines you could face if not compliant with the NIS Directive?
What does it include
As an Operators of Essential Services (OES) / Digital Service Providers (DSP) you will need to:
- Identify your in-scope network and information systems;
- Achieve the outcomes set out by the NIS directive;
- Report security incidents 'without undue delay';
- Demonstrate compliance with cross-sector guidance produced by the national competent authorities (once published by ILR and CSSF).
Key benefits
- Understand the level of cyber security maturity across your organisation;
- Develop a roadmap to improve your maturity and prepare for NIS;
- Build a defensible compliance position.
SWIFT Customer Security Program
Your challenges
- Are you able to demonstrate compliance with the SWIFT Customer Security Programme (CSP v2)?
- Have you planned to attest your level of compliance against SWIFT mandatory controls before the end of year, as requested by SWIFT?
- Are you aware that SWIFT will now request customers to undergo independent assessment as from mid-2020?
What does it include
- Assistance in providing the online mandatory self-attestation as requested by SWIFT before the end of 2019;
- Compare what you have in place with the SWIFT framework, identify the discrepancies and the suitable corrective actions;
- Prepare to demonstrate compliance to SWIFT CSP.
Key benefits
- Understand your level of compliance against SWIFT CSP v2 and align your strategy accordingly (e.g. outsourcing model);
- Develop a roadmap to improve your SWIFT infrastructure maturity;
- Prepare to undergo independent assessment that will occur as from mid-2020.
