pwc it security strategy and planning


Posted on 06-Apr-2018

Page 1: Pwc It Security Strategy and Planning

8/3/2019 Pwc It Security Strategy and Planning

http://slidepdf.com/reader/full/pwc-it-security-strategy-and-planning 1/2

PricewaterhouseCoopers’ integrated approach to Security Strategy and Planning

Virtually all organisations have invested in security to protect information assets. However, increasing threats and changing business models – the inclusion of outsiders into the internal technology environment, for example – call into question whether security efforts are meeting business needs as effectively as possible. The misalignment that currently exists between security efforts and business objectives must be addressed.

Recognising these competing and sometimes conflicting security objectives, our Security Strategy & Planning Service helps strike the appropriate balance between asset protection and process enablement, reviewing security initiatives against their associated costs and justifying the cost of such initiatives in terms of enhanced services, increased efficiency of existing services, or mitigation of business risk. The resulting security strategy is designed to set the direction of the organisation and focus security resources on the areas of greatest value.

Even the most sophisticated companies can find that their approach to security focuses on individual components, specific events and responses to emergencies as they occur. Staff are kept busy solving individual problems, but problems keep recurring because root causes aren’t addressed. Such an approach can lead to islands of security in a sea of risk. Our suite of proven services, coupled with incomparable security know-how, helps you progress from a fragmented, emergency-response mode to one focused on the continued well-being of the whole enterprise.

Our knowledgeable consultants use proven methodologies that identify third-party compliance, risk management and competitive requirements to envision and plan for a balanced approach to security.

Our Approach

PricewaterhouseCoopers has developed reliable methodologies to help organisations build enterprise-level information protection programmes, or Enterprise Security Architectures (ESA). The approach is based on the Information Security Framework shown below.

The Information Security Framework, like any architecture, has many different building blocks that, combined, form a solid foundation and structure. The result is a comprehensive, cohesive model for information protection that takes into consideration all of the aspects of an organisation – from business processes to technologies to individual employees. The ESA defines the Information Security Strategy, which consists of layers of policy, standards and procedures, and specifies how they are linked. The ESA is crucial to a successful information security programme. Without an established ESA to govern the infrastructure, adequate security cannot be achieved.

[Figure: PwC Information Security Framework (diagram). Labels recovered from the image: Security Vision and Strategy; Information Security Management Structure; Senior Management Commitment; Training and Awareness Program; Business Initiatives & Processes; Technology Strategy & Usage; Vulnerability & Risk Assessments; Policy; Security Model; Security Architecture and Technical Standards; Administrative and End-User Guidelines and Procedures; Enforcement Processes; Monitoring Processes; Recovery Processes; “Decision Drivers”; Enterprise Security Architecture Design; Tools and Methodologies.]

Page 2: Pwc It Security Strategy and Planning


Our Service Offerings

Strategic Assessment and Planning

We determine where your organisation stands with regard to security, and work with you to develop long-term plans for building a proactive, comprehensive security programme focused on business needs. Services in this area may include:

•  Organisational Assessment – To assess whether current security functions fit the needs of the overall business.
•  Framework Gap Analysis – To compare current security functions with our best-practice model.
•  Security Benchmarking – To measure current security functions against those of other organisations of the same size in the same industry.
•  Strategy Development – To design the structure of your future security programme, and establish a path to achieve it.
•  Development of the Security Management Framework – This framework includes the following key areas:
   • An executive and detailed Information Security Policy.
   • An Information Security Management System defined to suit the organisation’s specific needs.
   • Key risk assessments to identify the threats to assets, vulnerabilities and impacts on the organisation.
   • Identification of the areas of risk to be managed, based on the organisation’s information security policy and the degree of assurance required.
   • Selection of appropriate information security control objectives and controls for implementation by the organisation.

In addition, we assist you throughout the development, implementation and maintenance of your information protection programme, helping you implement a control-based, measurable security programme. Some of the services in this area include:

• Technical control development.
• Technical security architectures.
• Asset inventories and information classification.
• Security awareness and training programmes.
• Standards implementation planning and rollout.
• Metrics development and reporting.
• Security road map and maturity plan development.
• Strategic and tactical security plan development.
• Security management education.
• Security governance assistance.

In Summary

PricewaterhouseCoopers has made significant investments in the security industry in the form of thought leadership, security roundtables, and proven methodologies based on our experience in a myriad of security engagements.

We have a comprehensive library of security knowledge, and our professionals have extensive experience in a variety of industries. That’s why when you engage our Security Strategy & Planning Service, you truly gain a trusted security advisor.

Contact details

For further information, please contact:

Angeli Hoekstra
Tel. (011) 797 4162 / 082 783 1371
E-mail: [email protected]

Diane Kelway
Tel: (011) 797 4705 / 082 575 6867
E-mail: [email protected]