IT Security and IT Risk Management

Information security can help you meet business objectives

Organisations today are under ever-increasing pressure to comply with regulatory requirements, maintain strong operational performance, and increase shareholder value. In this hyper-competitive environment, organisations can no longer afford ad-hoc security measures. Protecting intellectual property, sensitive customer information, and other business-critical information requires a comprehensive security strategy that closely matches business objectives.

Our security practice is dedicated to providing you with world-class security advice. This advice is based on our global knowledge and experience of providing security consulting services covering the strategy, design, configuration, and assessment of enterprise security, together with identity/access management solutions, to our non-audit clients. We provide security and risk services to both audit and non-audit clients in 153 countries worldwide.

Our Capabilities

Value for Our Clients

We drive value by adopting a strategic approach to security planning and assessment and help design, integrate, and implement technology and security solutions:

  • Assess how security governance and planning are aligned to support business and compliance requirements.
  • Evaluate security prioritisation processes by analysing key program drivers and industry practices.
  • Assess current security strategy and provide actionable recommendations to improve program sustainability.
  • Leverage PwC’s SecurityATLAS toolset and overall security taxonomy including various capability and process models to evaluate security programs.
  • Provide industry-related security benchmarks and metrics.

We assess and provide recommendations concerning key security domains:

  • Security architecture/design
  • Application security as well as architecture and code reviews
  • Sensitive data protection
  • Identity and access management solutions
  • Integrated threat and vulnerability management solutions
  • Mobile security strategy, analysis, design and assessment services
  • Key security processes such as those supporting security communications and reporting
  • Emerging technologies, such as Cloud Computing and Social Media

We help you to improve risk management and compliance activities by:

  • Working with you to identify risk areas and recommend improvement options.
  • Utilising proven methodologies and industry knowledge to identify security measures (people, processes and technology) and process standardisation opportunities.
  • Assessing current compliance monitoring capabilities against established standards and policies to identify compliance gaps and continuous improvement opportunities.

We help you to manage the potential impact from unplanned security events, assess your security response and investigation capabilities, and provide improvement recommendations:

  • Security-related cyber crime dispute analysis and digital forensics.
  • Security crisis and response policies and procedures.
  • Post-mortem security processes which analyse and help prevent future incidents.
  • Security monitoring processes, and incident response policies and procedures.

We work with you to protect privacy and sensitive business data and increase understanding regarding your current state of maturity with privacy program related activities:

  • Drive privacy awareness programs.
  • Report privacy-related risks at the board, executive management and task force level.
  • Integration of privacy and security assessment activities.
  • Examine current inventory and map business processes that involve high-risk data elements throughout the data lifecycle.
  • Third-party privacy and security oversight program including contractual safeguards, manual or automated pre-contract risk-based assessments and ongoing program.

Data Protection Services

Organisational compliance requirements vary depending upon the industry as well as the nature of the business and its customers and employees. When data breaches happen, organisations can risk incurring lawsuits, fines, regulatory sanctions, and reputational damage. As organisations increasingly adopt highly complex and collaborative business models predicated on the sharing of sensitive information (most notably personally identifiable information), the focus on privacy and compliance continues to rise in proportion to the legal, regulatory, and reputational risks associated with such business practices. In response to this threat we can assist you to protect sensitive data. Our key service offerings include:

  • Risk assessment
  • Enterprise Data Protection Framework development
  • Data protection technology deployment
  • Data classification and ownership
  • Business process creation

Disaster Recovery Planning (DRP) services

DRP encompasses any proactively executed activity that focuses exclusively on recovering technology infrastructure (hardware, software, data communications, telecommunications, electronic information assets) from a disaster event and ensuring continuity of operations at established service levels.

We provide you with a holistic framework for enterprise survival planning to deliver a reliable, resilient, secure, and performance-driven enterprise environment to meet current and future business needs.

Contact us

Vilaiporn Taweelappontong

Consulting Lead Partner

Tel: +66 (0) 2844 1000
