PwC IT Security Strategy and Planning
8/3/2019 Pwc It Security Strategy and Planning
http://slidepdf.com/reader/full/pwc-it-security-strategy-and-planning 1/2
PricewaterhouseCoopers’
integrated approach to
Security Strategy and
Planning
Virtually all organisations have invested in security to
protect information assets. However, increasing threats
and changing business models – the inclusion of
outsiders into the internal technology environment, for
example – call into question whether security efforts are
meeting business needs as effectively as possible. The
misalignment that currently exists between security efforts
and business objectives must be addressed.
Recognising these competing and sometimes conflicting
security objectives, our Security Strategy & Planning
Service helps strike the appropriate balance between
asset protection and process enablement, reviewing
security initiatives against their associated costs and
justifying the cost of such initiatives in terms of enhanced
services, increased efficiency of existing services, or
mitigation of business risk. The resulting security strategy
is designed to set the direction of the organisation and
focus security resources on the areas of greatest value.
Even the most sophisticated companies can find their
approach to security focuses on individual components,
specific events and responses to emergencies as they
occur. Staff are kept busy solving individual problems,
but problems keep occurring because root causes aren’t
addressed. Such an approach can lead to islands of
security in a sea of risk. Our suite of proven services,
coupled with incomparable security know-how, helps you
progress from a fragmented, emergency-response mode
to one focused on the continued well-being of the whole
enterprise.
Our knowledgeable consultants use proven
methodologies that identify third-party compliance, risk
management and competitive requirements to envision
and plan for a balanced approach to security.
Our Approach
PricewaterhouseCoopers has developed reliable
methodologies to help organisations build enterprise-level
information protection programmes, or Enterprise Security
Architectures (ESA). The approach is based on the
Information Security Framework shown below.
The Information Security Framework, like any
architecture, has many different building blocks that,
combined, form a solid foundation and structure.
The result is a comprehensive, cohesive model for
information protection that takes into consideration all of
the aspects of an organisation – from business processes
to technologies to individual employees. The ESA defines
the Information Security Strategy that consists of layers
of policy, standards and procedures, and how they are
linked. The ESA is crucial to a successful information
security programme. Without an established ESA to
govern the infrastructure, adequate security cannot be
achieved.
[Figure: Information Security Framework. Labelled elements: Security Vision and Strategy; Information Security Management Structure; Senior Management Commitment; Training and Awareness Program; Business Initiatives & Processes; Technology Strategy & Usage; Vulnerability & Risk Assessments; Policy; Security Model; Security Architecture and Technical Standards; Administrative and End-User Guidelines and Procedures; Enforcement Processes; Monitoring Processes; Recovery Processes; “Decision Drivers”; Enterprise Security Architecture Design; Tools and Methodologies.]
Our Service Offerings
Strategic Assessment and Planning
We determine where your organisation stands with
regard to security, and work with you to develop long-term
plans for building a proactive, comprehensive security
programme focused on business needs. Services in this
area may include:
• Organisational Assessment – To assess if current
security functions fit the needs of the overall business.
• Framework Gap Analysis – To compare current
security functions with our best-practice model.
• Security Benchmarking – To measure current
security functions against those of other organisations
of the same size in the same industry.
• Strategy Development – To design the structure of
your future security programme, and establish a path
to achieve it.
• Development of the Security Management
Framework – This framework includes the following
key areas:
• An Executive and Detailed Information Security
Policy.
• The Information Security Management System
specific to the organisation’s needs will be
defined.
• Key risk assessments to identify the threats
to assets, vulnerabilities and impacts on the
organisation.
• The areas of risk to be managed will be identified
based on the organisation’s information security
policy and degree of assurance required.
• Selection of appropriate information
security control objectives and controls for
implementation by the organisation.
In addition, we assist you throughout the development,
implementation and maintenance of your information
protection programme, helping you implement a
control-based, measurable security programme. Some of the
services in this area include:
• Technical control development.
• Technical security architectures.
• Asset inventories and information classification.
• Security awareness and training programmes.
• Standards implementation planning and rollout.
• Metrics development and reporting.
• Develop a Security Road Map and maturity plans.
• Develop strategic and tactical security plans.
• Provide security management education.
• Provide Security Governance assistance.
In Summary
PricewaterhouseCoopers has made significant
investments in the security industry in the form of
thought leadership, security roundtables, and proven
methodologies based on our experience in a myriad of
security engagements.
We have a comprehensive library of security knowledge,
and our professionals have extensive experience in a
variety of industries. That’s why when you engage our
Security Strategy & Planning Service, you truly gain a
trusted security advisor.
Contact details
For further information, please contact:
Angeli Hoekstra
Tel. (011) 797 4162 / 082 783 1371
E-mail: [email protected]
Diane Kelway
Tel: (011) 797 4705 / 082 575 6867
E-mail: [email protected]