Threat & Vulnerability Assurance Services
How to stay ahead of today’s complex security threats
Companies can no longer afford to take a reactive stance to security threats. By appropriately securing IT infrastructure and assets, organisations can reduce the likelihood of a business interruption or impact from a security-related event and demonstrate compliance with regulatory and business requirements, such as the ISO 27001 security standard, Payment Card Industry Data Security Standards (PCI DSS), Bank of Greece Governor’s Act 2577, ADAE (Secrecy Assurance Regulations for Telecommunication Services), Sarbanes-Oxley or Basel.
If this is your situation
- You need an integrated threat and vulnerability assessment service to better monitor, report on and respond to complex security threats and vulnerabilities, as well as meet regulatory requirements.
- You have concerns over the need to protect both your own information assets and those you are custodian of, such as sensitive customer data.
- You have had a recent security-related incident.
- You want a real-time, integrated snapshot of your security posture.
- You are deploying a new system and/or infrastructure and require an independent view of its security condition prior to going live.
How PwC can help you
PwC professionals have in-depth experience helping organisations reduce risk exposure, protect information assets and limit the impact of security-related events on business activity. To increase the effectiveness of an organisation’s threat and vulnerability management, PwC professionals deliver integrated end-to-end services that address prevention, detection and correction.
- Vulnerability Assessment:
Vulnerability assessments are used to evaluate an organisation’s security level and to identify any security issues and associated risk. Using a range of commercial and publicly available tools, our PwC consultants will scan your network and connected systems to identify any potential vulnerabilities that could be exploited to gain unauthorised access. Once the scanning process is complete, PwC will provide you with a 'real-world' interpretation of the results to accurately inform you of the vulnerabilities and their potential business impact. This service can be performed on site or across the Internet, depending on the requirements. We can also include evaluation of vulnerabilities subject to attack through wireless or dial-up access points.
- Penetration Testing:
Penetration testing takes the vulnerability assessment to the next level. Once vulnerability scans have been performed to identify potential vulnerabilities, our experienced PwC consultants will then assess the results, and choose and carefully exploit vulnerabilities in order to provide, where possible, convincing evidence of real threat exposures through the “proof of access”. Using a risk and business focused methodology, in combination with commercially available and customised tools, which we can also supplement with social engineering techniques, we will report in detail how a user with malicious intent could gain unauthorised access to vulnerable systems and sensitive information such as customer or financial information, human resources data, email or sensitive system information (passwords, remote network and application access). This provides more compelling evidence of threat exposures to Senior Management, yielding a more rapid risk response.
- Web Application Security Assessment:
Using a combination of vulnerability assessment and penetration testing techniques, PwC can evaluate the security and resilience of your critical web applications and underlying infrastructure. Our approach combines automated and manual testing methods, which can include source code reviews, to carefully assess the target web application’s ability to prevent exploitation by intruders through increasingly sophisticated techniques such as SQL injection and cross-site scripting. We can also conduct this service in line with industry standards such as OWASP.
- Security Diagnostic and Mitigation Reviews:
PwC can help you examine your established security and control settings within your information technology and business operations areas. We review operating systems, firewalls, routers, databases, and anti-virus solutions. Not only do we diagnose problems, we also make cost-effective recommendations to help you improve your security posture, keeping it in line with your level of risk tolerance.