Cybersecurity services

Helping build resilience so you can confidently adapt and grow

It is not a new phenomenon that information technology influences both our everyday and work lives. Business processes can be made more efficient and safer with the use of appropriate technologies, which generate huge amounts of data. The use of these tools is the basis of innovative business models, but we must not forget about proper security measures. This is crucial because in using these technologies we will be providing access to parts of these systems for various external actors and specialized companies.


Focusing on cybersecurity is therefore no longer just a security question, but increasingly a part of company-wide efficiency improvements. A properly planned and implemented security architecture supports the efficiency of business processes significantly, increases the level of trust of clients, customers and partners, and assists the transparent use of digital infrastructure. Additionally, a well-proportioned, risk-based security approach protects the company’s value creation and business processes along with its resources and assets based in cyberspace. A properly designed and implemented cybersecurity strategy focuses not only on the prevention of attacks but also guarantees the right access for partners and defines an adequate reaction to incidents.

We firmly believe that this is not only a technical issue; as such, we support cybersecurity initiatives from strategy to execution, including compliance, technical testing, C-level training, crisis simulations and much more.

 

How our cybersecurity services can help you

Information security compliance and third party risk management

High-quality and secure service operations of IT systems are extremely important for companies, their (corporate) customers and regulatory bodies in order to maintain stakeholder confidence and business continuity. Our information security experts will help you comply with industry best practices and standards in the IT and information security industry (e.g. ISO27001, NIST Cyber Security framework) and local or international regulatory requirements. To achieve compliance, we support our clients with IT and information security maturity assessments (GAP analyses), risk analysis and remediation plan development. We provide tailored inputs to the decision-making process by analyzing various remediation options; additionally, we follow through with the implementation of the remediation plan.

Furthermore, we perform compliance assessments, for which we are also able to issue a Third Party Assurance report (e.g. for corporate clients, regulatory organizations) as an ‘independent auditor’.

We provide our compliance services primarily - but not exclusively - focusing on the following industry standards and regulatory requirements:

  • Standards, industry best practices: NIST IT Security Recommendations, ISO27000 standards, PCI DSS, SWIFT CSP, TISAX®*, ISO 21434, UN ECE WP.29

  • Regulatory requirements: Act L of 2013 (Ibtv.), industry regulations (e.g. Hpt, PSD2, MNB recommendations, etc.), EU Cyber Act, NIS directive

  • For IT service providers: SOC1-2, ISAE3402

Outsourcing processes is a common, well-proven solution, especially when it comes to IT processes and services. However, there is something that cannot be outsourced: accountability. The compliance, or lack thereof, of suppliers, distributors and partners may raise questions. Our experts help ensure compliance and security of service providers or outsourced processes through independent, external audits. Service providers are able to provide evidence of compliance to their clients through specific Third Party Assurance reports (e.g. SOC1-2, ISAE 3402, ISAE 3000). We support this by reviewing and evaluating new technologies and relevant control environments, complemented with consultation on best practices and leveraging the experiences of our international network. During the outsourcing process, we help assess information security risks related to third parties (IT service providers and other suppliers, partners) using our proven, international methodology.

Additionally, we support the integration of information security into the procurement and service provider management framework and their entire management lifecycle. Due to our regional presence, we can help group members in an integrated and coordinated manner.

*TISAX® is a registered trademark of the ENX Association. PwC has no business relationship with ENX in the context of these offers.

Information security strategy and governance

For the efficient operation of security measures

A key element of any complex governance activity is to have an appropriate strategy, which is aligned with business requirements and based on the specific risks of the business. Our information security experts help you define the strategy which is in line with your needs and capabilities and define the appropriate security procedures.

  • Cyber security strategy and program

  • Cyber dashboard management

  • Information security risk and maturity assessment

  • Business Continuity & Crisis Management

Our extensive risk management experience helps you identify and analyze your risks and prepare your business impact assessment to develop your processes and policies based on a comprehensive risk analysis. In order to identify priorities, we can assess the maturity of your security system, taking into account international standards and regulatory requirements, thus providing you with an objective overview of your company's information security capabilities and resilience to internal and external threats.

In addition, to help you prepare for the unexpected, we assist you in planning for business continuity and recovering from a crisis, and we offer hands-on training and realistic simulations of the situation for management and response teams.

In order to monitor the effectiveness of cybersecurity activities, we have developed a methodology that provides adequate insight to senior management. Selecting the right performance metrics as well as the appropriate reporting structure plays an important role for business management in illustrating the progress and value of security systems.

The human side of IT Security

Strengthening the weakest link in security

We know that the human factor plays a pivotal role in the information security chain, so it is essential to make security awareness a part of day-to-day operations. Our training sessions are aimed at helping top management as well as employees recognize and understand threats, risks and bad habits, and adopt information security best practices.

  • Management simulation exercises

  • Awareness training and tests

  • Escape rooms, gamification

  • CISO support, coaching

We have special management awareness sessions and simulation exercises including top-level management to better understand cyber risks and how they can be tackled. This has a gamification element to make it more engaging and therefore more memorable.

And to support your internal information security tasks, we offer support for your CISO or similar function in the form of training, coaching or consultation on internal controls, best practices and policies.

PwC’s Escape Rooms collect bad habits and practices and use them in a playful way to help the players recognize them through exciting gameplay: in some cases, they make mistakes too. All three escape rooms (physical, online and VR) can be a great addition to traditional information security training and can be incorporated into awareness campaigns.

Data protection

To turn privacy into a value-add

We strongly believe that doing data protection right is not just a compliance issue, but an integral part of your business, and can be a real differentiating factor. While GDPR plays an important part in the field, privacy topics are broader. We can help you prepare, assess, implement and maintain a good privacy system.

  • GDPR compliance, revision after implementation

  • Develop and control concepts (data subject rights, mandatory data deletion, etc.)

  • Data protection risk assessment and process audit

  • Third party

While everyone implemented GDPR one way or another, we developed our targeted post-implementation review templates to support you in assessing blind spots and further improvement points. These go well beyond legal compliance and assess IT and process related questions as well to uncover implementation shortcomings.

To refine your approach we can also review and support relevant concepts like data subject rights or data deletion strategy. Protecting your data effectively requires adequate risk awareness and management. We can help you take the necessary steps towards more secure data handling by examining your data management processes and analysing your risks.

But it is not just your processes that need verification. We provide third party assessment services to help you understand the compliance of your suppliers, or to prove your compliance to your customers’ requirements.

Cyber incident response and recovery

There are two types of organizations: the ones that have been attacked and the ones that do not know about it yet

Nowadays, the question is no longer whether a cyber security incident will occur in a particular company / organization, but rather when it will happen and if the company is ready. While an attack can have long-term consequences, causing a serious crisis, with proper preparation and the involvement of a team of experts, the damage can be significantly mitigated and the restoration of the original operation can take place in a planned manner and in a shorter timeframe.

  • technical preparation for the incident

  • incident detection and containment

  • immediate response to an incident

  • post-incident investigation and system development

Managing incidents and discovering their root causes - sometimes specific attacks - is not a trivial competence that an IT operations team can be expected to have. Tools, methodology, and specialized knowledge provide the combination needed in a crisis situation. A team with this expertise and practice is able to fully explore the problem causing the incident and to identify the shortcomings and weaknesses that enabled it. The result of the investigation of the incident is thus not only a comprehensive management and technical report, but also a proposal to improve the situation that allowed the incident to occur.

Implementation and operation of security tools

Implementing, configuring, and selecting the appropriate security tools such as DLP, IDM, or filtering and monitoring applications requires expertise and risk-based assessment. Our team has extensive professional and practical experience to support you in the implementation process, from formalizing and deploying your needs to setting up a sustainable configuration.

  • Implementation of security tools

  • Operation and monitoring

  • DevOps Security

  • SOC

  • Threat Intelligence

This is just as important in a self-developed environment, and especially difficult in an agile and DevOps development environment. With our tools and global experience, we help you monitor processes and automation, or assess current development practices.

We believe that operating and maintaining a secure environment is a complex task that involves not only log files but also the analysis of certain events and the monitoring of diverse processes, and there may even be a need for a dedicated SOC. We can help you define and set it up, and we provide different levels of Threat Intelligence service to further increase efficiency.

Innovative and cyber physical security

We protect value chains - the case of hidden infrastructure and new technologies

In recent years, electronic and IT devices have gained a more important role. Production lines, logistics systems, office operations, and scientific research are inconceivable without IT. The computer also has a direct impact on our physical world. In the course of our work, we get to know the business needs of our customers and their IT capabilities, so we can assess and manage the relevant risks - which, in addition to business operations or production, can even endanger human lives.

  • IoT security and architecture

  • Industrial systems

  • 5G security and risk analysis

We offer you our experience in IT and cyber security to protect your cyber physical systems. Industrial systems, IoT devices and new telecommunication systems all have in common that they need to be protected from attacks or downtime. We improve protection in an integrated way with business operations and other IT systems, often - as a positive side effect - creating added value.

We are able to apply our entire cybersecurity and privacy portfolio in this area. Targeted and relevant frameworks provide the basis for our methodology and work. We support the digital transformation with on-demand analysis, developing operating models, and making processes and IT systems more secure. On demand, during the development of security, we can perform technical tests on physical systems and the computer devices and networks that control them.

Due to the increasing automation of IoT, 5G, and production, the safety of these special environments is key to reliability and uptime. We believe in integrated activities for OT and industrial systems, where the design, security, and monitoring of the OT environment is just as important as, or even more important than, that of office IT systems. Thanks to our comprehensive approach, after the preparation of action plans, we can support our clients during operation, implementation and re-measurement.


Contact us

Peter Durojaiye


Partner, CEE Cybersecurity Leader, PwC Hungary

Csaba Gyimesi


Director, PwC Hungary
