Integrated security management

How to proactively manage risk and compliance through integrated security management

Companies can no longer manage security on an ad-hoc project basis. To reduce the risk of business disruptions, meet regulatory compliance objectives and adequately respond to complex security breaches, organizations must integrate security infrastructures as well as constantly monitor standards, policies and controls to stay in line with established parameters. By gaining complete visibility into the information security infrastructure, organizations are also able to remediate security gaps quickly.

If this is your situation

  • You want to identify the areas of greatest risk and gain a comprehensive view of security from a business perspective
  • You want to reduce the likelihood that information assets will be compromised through security incidents
  • You need to reduce the complexity of information security systems, reports and data, so that areas that need immediate attention are easily identified
  • You need to correlate relevant security data from disparate sources to manage complex security breaches and events
  • You want to respond quickly if a crisis or security breach occurs

How PricewaterhouseCoopers can help you

PricewaterhouseCoopers (PwC) Advisory professionals work closely with IT organizations to identify risk areas and with executives to establish priorities for remediation. Using proven methodologies and deep industry knowledge, we help organizations integrate an information security infrastructure (people, processes and technology) and implement standardized processes. With a comprehensive view of security, organizations obtain a realistic picture of their weaknesses and can proactively take action to protect information assets. Managing security from this holistic standpoint makes it easier to monitor conformity with established standards and policies as well as maintain asset risk exposure within a known and accepted range.

Services we provide include the following:

Risk Identification

  • Assess current security capabilities, including threat management, vulnerability management, compliance management, reporting and intelligence analysis.
  • Define c
  • Identify technology requirements for bridging security gaps

Integrated Security Information Management

  • Develop processes to evaluate and prioritize security intelligence information received from external sources, allowing organizations to minimize risks before an attack
  • Implement processes that support the ongoing maintenance, evolution and administration of security standards and policies
  • Determine asset attributes, such as direct and indirect associations, sensitivity and asset criticality, to help organizations allocate resources strategically
  • Assist in aggregating security data from multiple sources in a central repository or "dashboard" for user-friendly presentation to managers and auditors
  • Help design and implement a comprehensive security reporting system that provides a periodic, holistic view of all IT risk and compliance systems and outputs
  • Assist in developing governance programs to enforce policies and accountability

Remediation

  • Determine appropriate controls to address security incidents
  • Enhance controls by securing, repairing or deploying technology components
  • Validate that identified risks to the environment have been properly addressed, and that mechanisms are in place to reduce the risk of recurrence

Security Crisis & Response Policy and Procedure Development

  • Provide planning for security events using PwC’s management, process and technical expertise
  • Repair and investigate security events quickly to reduce their impact


© 2006-2008 PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.