Cybersecurity – Strategy and Transformation
Cybersecurity for a secure business environment
Cybersecurity in a digitalised world is more important than ever. It is fundamental to build both trust and confidence in your digital business and platform. Protect your investments and grow your business, while staying secure and compliant. Harness yourself against modern challenges.
Swiss ICT minimum standard for protection against cyber risks
The Federal Office for National Economic Supply (FONES) has published the ICT minimum standard for the protection against cyber risks. This catalogue specifies cybersecurity standards that protect information and communication technology (ICT) systems and data from unintended or unauthorised access, or from damage or destruction.
Strategise and align
Security is simply a resource allocation decision based on risk, but in order to communicate the value of your security programme and position yourself and your security organisation for success, you must be able to strategise and align with business needs.
How do we do it?
To start your cybersecurity transformation, we get a holistic, independent overview of your cybersecurity programme, your programme’s policies, practices and governance.
PwC’s Cybersecurity framework is a comprehensive and flexible approach for the development, delivery, communication and maintenance of an enterprise-wide cybersecurity programme. It is based on a proven combination of industry standards such as ISO, NIST, as well as PwC’s own real-world experience.
Understand the strategy and guiding principles of your global cybersecurity programme, your business-critical systems and data («Crown Jewels»), the potential impact of a compromise and the relevant threats and risks against these assets.
Assess your present and future cybersecurity readiness, based on your threat environment. Define a risk-informed target state and perform a gap analysis of the actual and the recommended target state.
Assist in the development of your high-level roadmap and resource requirements to increase cybersecurity programme maturity as a part of assessment reporting.
What to assess
- Cybersecurity Risk Maturity Assessment
While we use industry recommendations and standards to compare your maturity against a proposed target state, we help you to benchmark against peers of your market and size. We conduct interviews and workshop-based assessments of your current capability maturity levels, analyse your risk management processes and capabilities, and assess your existing cybersecurity governance framework. PwC’s assessment framework can also analyse your resilience by looking ahead, comparing existing capabilities against a changing business strategy of your organisation and a changing threat landscape.
- Cybersecurity Technical Maturity Assessment
Test your systems in real-world conditions with an evidence-based assessment (ethical hacking) to evaluate your resilience to threats. The technical assessment typically includes reconnaissance using Open Source Intelligence (OSINT) data gathering, a tailored social engineering attack (e.g. a phishing attack including malware that breaches your internal network) and Red Teaming activities on your internal network based on a predefined scenario (e.g. trying to connect to our command and control server, performing a network scan, escalating privileges to get domain administrator credentials, attempting to exfiltrate attempting to exfiltrate data, etc.)
What you get
- An assessment of the current capability maturity levels and the opportunity to leverage our institutional knowledge and relationships
- Documented cybersecurity capability gaps and their impact on your organisation
- Documented recommendations to address these identified security gaps
- Recommendations based on assessment results to increase your maturity in support of a global information security programme
- Transformation assistance in developing a list of actionable cybersecurity initiatives
- A high-level roadmap and prioritisation in planning of the required transformation initiatives and required resources