Strategy and transformation

Cyber assurance/attestation

Your challenges
  • Is the business resilient to a cyber attack?
  • Which threats should you be the most concerned about?
  • Are there gaps in your cybersecurity capabilities?
  • Do you have the right controls in place to detect key risks?
  • Are you investing in the right areas?
What does it include
  • Readiness assessment of your Cybersecurity Risk Management Program;
  • Remediation assistance;
  • Support in the report preparation and writing;
  • Cybersecurity controls testing.
Key benefits
  • Enhance brand and reputation;
  • Provide transparency;
  • Assess program effectiveness;
  • Reduce communication and compliance burdens;
  • Allow flexibility in reporting.

Cybersecurity transformation

Your challenges
  • Do you want to undertake a comprehensive security assessment of your organisation?
  • Do you want to identify technical and organisational weaknesses?
  • Do you want to define an information security strategy aligned with your business objectives?
  • Do you want to achieve a security posture aligned to your security risks and objectives?
What does it include
  • Full assessment of your Cybersecurity maturity against PwC’s Cybersecurity framework;
  • Support in the definition of a security strategy to reach a security maturity level aligned to your expectations;
  • Roadmap to achieve this strategy, with detailed project sheets.
Key benefits
  • Cybersecurity strategy and objectives defined and aligned with business objectives; security initiatives identified, prioritised, planned and explained so as to achieve these objectives.

Information Security Risk Management

Your challenges
  • Do you have a clear understanding of the risks impacting your data?
  • Do you regularly monitor risks to ensure your protective measures remain appropriate and adapted to the threats you face?
  • Are you aware of new risks arising from changes to your environment or external threats?
  • Are your risk management activities compliant with the latest regulations (e.g. GDPR, CSSF, etc.)?
What does it include
  • Outsourced risk management service that includes risk identification, assessment and reporting, run by our information security experts;
  • Risk assessments tailored to your context and information systems;
  • Assistance in developing risk treatment plans;
  • Access to a web-based risk management tool (MONARC), which includes a central risk register.
Key benefits
  • Timely access to threat intelligence feeds;
  • Risk management informed by technical expertise;
  • Standardised approach to risk management across the organisation.

Information Security Management System assessment & implementation

Your challenges
  • Do you want to have a detailed analysis of the gaps between your current security practices and best practices (ISO27001, ISO27002)?
  • Do you want to become compliant with, or certified against, an internationally recognised security standard by implementing an Information Security Management System (ISMS)?
What does it include

An in-depth transformation process in three key phases:

  • Gap analysis of the current situation;
  • Implementation of the ISMS based on the tailored recommendations provided in the first phase;
  • Preparation for certification: a white audit, plus support in preparing the documents and evidence required by the auditors.

Each phase can be selected individually depending on your needs.

Key benefits
  • Detailed list of gaps and recommendations to achieve best practices;
  • Support for the development of security documentation and governance required for an ISMS;
  • Support for the deployment of security controls and procedures.

Network and Information Systems (NIS) Directive

Your challenges
  • Do you have a clear picture of your business’s priority operational and cyber risks?
  • Are you able to demonstrate compliance with the NIS Directive?
  • Are you aware of the significant fines you could face if not compliant with the NIS Directive?
What does it include

As an Operator of Essential Services (OES) or a Digital Service Provider (DSP), you will need to:

  • Identify your in-scope network and information systems;
  • Achieve the outcomes set out by the NIS directive;
  • Report security incidents 'without undue delay';
  • Demonstrate compliance with cross-sector guidance produced by the national competent authorities (once published by ILR and CSSF).
Key benefits
  • Understand the level of cyber security maturity across your organisation;
  • Develop a roadmap to improve your maturity and prepare for NIS;
  • Build a defensible compliance position.

SWIFT Customer Security Program

Your challenges
  • Are you able to demonstrate compliance with the SWIFT Customer Security Programme (CSP v2)?
  • Have you planned to attest your level of compliance against SWIFT mandatory controls before the end of year, as requested by SWIFT?
  • Are you aware that SWIFT will now require customers to undergo an independent assessment from mid-2020?

What does it include

  • Assistance in completing the mandatory online self-attestation requested by SWIFT before the end of 2019;
  • Comparison of what you have in place with the SWIFT framework, identifying the discrepancies and the suitable corrective actions;
  • Preparation to demonstrate compliance with the SWIFT CSP.
Key benefits
  • Understand your level of compliance against SWIFT CSP v2 and align your strategy accordingly (e.g. outsourcing model);
  • Develop a roadmap to improve your SWIFT infrastructure maturity;
  • Prepare to undergo the independent assessment that will take place from mid-2020.

Contact us

Koen Maris

Cybersecurity Leader, PwC Luxembourg

Tel: +352 49 48 48 2096

Frédéric Vonner

Privacy Leader, PwC Luxembourg

Tel: +352 49 48 48 4173