Cyber Security

Building confidence in your future

Effective learning for your workforce

New ways of thinking about cybersecurity and privacy

How can information security help meet business objectives?

PwC Sri Lanka’s Cyber Security arm has a diverse portfolio of solutions tailored to help organizations achieve an increased level of security and resilience in the face of the adverse impacts of cyber-attacks. Our clients include an unparalleled list of the country’s leading banking and finance institutes, telecommunication service providers, healthcare service providers, software development companies and multinational conglomerates.


PwC professionals can help companies in the following critical areas:

Technical Services

  • Threat and Vulnerability Management
    • Internal and External Vulnerability
    • External Network Vulnerability Assessment
    • Internal Network Vulnerability Assessment
    • Wireless Security Assessment
    • Penetration Testing 
    • Application Vulnerability Assessment
    • Web Application Security Assessment
    • Mobile Application Security Assessment 
    • Thin-Client/Desktop Application Security Assessment
    • Digital Forensics
  • Information Security Architecture
    • IT General Controls Review
    • Network Architecture Review
    • Network Diagnostic Review
    • Traffic-flow Analysis
    • Datacenter Risk Assessment
  • Cloud Transformation
    • Cloud Transformation Implementation Assistance 
    • Cloud Optimization Review Assessment 
    • Cloud security review
  • Red team assessment
    • Social engineering attacks
    • Spear-phishing attack
    • Vishing
    • Browser exploits
    • Network service exploitation
    • Custom RAT
    • USB drop
    • Physical facility exploitation
    • Physical security
    • External Infrastructure
  • Source code review

Business Applications Services

  • Business Application Security
  • Business Application Functionality 
  • Application Information Technology 
  • User Access Review
  • Functionality Gap Analysis
  • Post Implementation Review
  • Functional Requirement Documentation
  • Vendor Evaluation 
  • Application Control Review

Governance, Risk Management and Compliance

  • IT Strategy and Governance
    • ISO 20000:2011 Certification Implementation Assistance
    • IT Service Management Review
  • Information Security Management
    • ISO 27001:2013 Certification Implementation Assistance
    • Information Security Framework Development
    • ISO27001:2013 Internal Audits
    • Information Security Policy & Procedure Review
    • ISO27001 Managed Services
    • Information Classification Framework Development
    • Third Party Risk Assessment/Group compliance review
  • Business Continuity Management
    • Business Continuity Plan development 
    • ISO 22301:2012 Certification Implementation Assistance
    • BCP Documentation Review 
    • BCP Managed Services
  • Privacy and data protection
    • GDPR Compliance Review
    • GDPR Implementation Assistance 
    • GDPR Awareness & Training
    • ISO 27701 Personal Information Management Systems Implementation
    • ISO 27701 Personal Information Management Systems Readiness Assessment/Gap Assessment
    • Sri Lankan Personal Data Protection Bill Implementation/ Readiness Assessment 
  • Third Party Risk Assessment
  • Security awareness and education

Identity and access management

Identity and access management relates to the granting or denying of access to a company’s equipment and data. Strong, effective access management enables the access of authorized workers while restricting the access of unauthorized workers and external third parties.

PwC Cyber Security professionals support organizations on the following assignments related to Identity and Access Management solutions:

  • Authentication and authorization analysis;
  • User management and access provisioning reviews; and
  • Identity storage and data integration infrastructure review

Managed Services 

  • Threat & Vulnerability Management
    • Vulnerability Assessment and Penetration Testing
    • ITGC & Application Control Review
    • Web Application Security Review
    • Mobile Application Infrastructure security review
    • Firewall & Network Infrastructure Review 
    • Incident response 
    • Red Team Assessment
  • ISMS Implementation
    • ISMS Risk assessment and Risk Treatment plan review 
    • ISMS Maturity Assessment
    • ISMS Internal Audit
    • Information Security awareness sessions
    • ISMS Scope expansion assistance
    • ISMS recertification assistance
  • Social Engineering
    • Phishing and vishing simulations
    • Physical security
  • IT Governance Managed Services
    • IT & Information Security Policies and Procedure Reviews
    • IT Risk Assessment and Risk Treatment Review 
  • Cloud Security Review
    • Overall Cloud Security Review 
  • Business Continuity Management System
    • BCMS Maturity Assessment
    • Business Continuity Risk Assessment & Treatment Review
    • Business Impact Analysis Reviews
    • Business Continuity & Disaster Recovery Plans Review
    • BCMS Scope expansion assistance
    • BCMS recertification assistance
    • Business Continuity Training & Awareness 
  • Security awareness and education
    • Development of computer based training modules (CBT)
    • Onsite training 
    • Game of Threats™ Cyber Threat Simulation

Game of Threats™ Cyber Threat Simulation

Game of Threats™ is a digital game that simulates the speed and complexity of a real-world cyber breach to help executives better understand the steps they can take to protect their companies. The game environment creates a realistic experience where both sides, the company and the attacker, are required to make quick, high-impact decisions with minimal information.

Find out more about Game of Threats™

Payment Related Mobile Application Review

Mobile applications are going beyond just a 'view only' banking channel to becoming the primary channel for many banks. This changes the paradigm of security for mobile banking applications. With insecure end point devices, a highly diverse ecosystem and a combination of a variety of technologies, mobile banking is set to become one of the highest risk channels for banks.

Find out more about Payment Related Mobile Application Review

GDPR Compliance

The General Data Protection Regulation (GDPR) is a European Union Regulation that has been designed to strengthen and unify the privacy and data protection of EU citizens.

If you are an organisation processing the personal data of European citizens, or a non-EU organization involved in the following activities:

  • Targeting European citizens with goods and services;
  • Monitoring the activities of European citizens,

you need to comply with GDPR, which is in effect from 25 May 2018. From that time, organizations in non-compliance may face heavy penalties.




Contact us

Nishan Mendis

Technology Consulting Leader, PwC Sri Lanka

Tel: +94 11 7719700 ext. 1001

Vengadasalam Balagobi

Practice Head - Cyber Security, PwC Sri Lanka

Tel: +94 11 7719700 ext. 1601, +94 77 2315168
