EY Cyber Security And Data Privacy

Upload by : Axel Lin

EY Cyber Security and Data Privacy
Facilitating trust and shaping the future of cyber security

In a nutshell

EY Cybersecurity enables trust in systems, design and data, so that organizations can take more risks, make transformational changes and enable innovation.

We accomplish our mission by developing solutions that can be used to assure security and resilience of key business transformation initiatives and/or business functions.

These solutions are built using talent, experience and capabilities which reside within our 5 competencies.

We deliver solutions to our customers as part of a design, implementation or run phase of an engagement.

[Figure: EY Cybersecurity competencies. Legible labels: Protection and Privacy, Security Operations, Identity, Technology]

Page 2 An overview of our EY Advisory Cybersecurity services

8 December 2020

Cybersecurity and business resilience overview

EY Cybersecurity enables trust in systems, design and data, so that organizations can take more risks, make transformational changes and enable innovation with confidence.

Cyber strategy, risk, compliance and resilience
These solutions help organizations evaluate the effectiveness and efficiencies of their program in the context of business growth and operations strategies. The solutions apply consistently, regardless of where they are applied (IT, IoT, OT, Cloud), provide clear measurement of risks and capture current risks to the organization and demonstrate how cyber risks will be managed going forward.

Data protection and privacy
These solutions are designed to help organizations protect their information over the full data lifecycle – from acquisition to disposal. Our service offering helps companies and organizations stay up to date with data security and data privacy good practices, as well as compliance with regulations, in a constantly evolving threat environment and regulatory landscape.

Identity and access management
These solutions are designed to help organizations with their definition of access management strategy, governance, access transformation, and ongoing operations. The solutions help organizations ensure that the right users validate who they are and get access to the right organization resources.

Architecture, engineering and emerging technology
These solutions are designed to help organizations protect themselves from adversaries that would seek to exploit weaknesses in the design, implementation, and operation of their technical security controls, including disruptive technologies in the marketplace.

Next generation security operations and response
These solutions help organizations proactively identify and manage risks, monitor threats, and investigate the effects of real-world attacks. These rapidly integrate cybersecurity functions and technologies to adapt to demands.

EY cyber strategy, risk, compliance and resilience services at a glance

[Figure labels: Cyber strategy services; Cyber risk services; Cyber compliance services; Cyber resilience programs]

EY security strategy, risk, compliance and resilience portfolio

This set of solutions helps organizations evaluate the effectiveness and efficiencies of their cybersecurity and resiliency programs in the context of business growth and operations strategies. The solutions apply consistently regardless of where they are applied (IT, IoT, OT, Cloud), provide clear measurement of risks and capture current risks to the organization and demonstrate how cyber risks will be managed going forward. Each service can be combined to form a larger program or transformation effort.

Benefits
- Provide a clear picture of current cyber risk posture and capabilities, giving management and directors a view of how, where and why to invest in managing cyber risks.
- Implement and execute a strategy and overarching cyber program that allows for rigorous, structured decision making and financial analysis of cyber risks.
- Achieve and sustain regulatory compliance requirements as the outcome of a well-designed and executed cyber function.
- Build a more risk aware culture through education and awareness to minimize the impact of human behaviours.
- Operate a program that is resilient in the face of ever evolving cyber threats and digital business strategies.

EY cyber strategy, risk, compliance and resilience services

Cyber strategy services
Provides organizations with industry perspective on security capabilities, supports development of cost optimized operating models, and supports diligence and integration through M&A lifecycle.

Cyber risk services
Quantify cyber risks to the enterprise in financial terms, perform analysis driving business decisions on cyber risk treatment and educate key stakeholders on roles and responsibilities.

Cyber compliance services
Helps organizations achieve, maintain and report on compliance with an ever evolving, global cyber regulatory landscape.

Cyber resilience services
Programmatic approach to identification, evaluation and implementation of cyber resilience measures.

- Cyber program accelerator (CPA)
- Cyber benchmarking and performance analysis
- Cyber risk management
- Policies, standards, processes and guidelines
- Cyber risk quantification
- Cyber metrics program
- Cyber performance dashboarding
- Compliance program readiness and remediation
- Compliance-as-a-service
- Cyber board reporting
- Cyber certification
- Cyber academy
- Cyber attestation
- Cyber strategy and roadmap
- Cyber operating model and organizational design
- Cyber cost optimization
- Cyber transformation and co-sourcing
- Security awareness-as-a-service
- Cyber marketing hub
- Pre-Transaction Cyber Assessment and due diligence
- “Nth”-party security risk management
- Product security assessment and program management
- Supply chain security
- Transaction cyber program strategy
- Post-transaction cyber program stand-up
- Secure business continuity management assessment, strategy and planning
- Secure business continuity Management exercises, simulations and testing
- Physical security and safety
- Cyber disaster recovery assessment, strategy and planning
- Cyber disaster recovery and restoration exercises, simulations and testing
- Global cyber disaster business restoration and recovery surge support
- Evidence-based resilience
- Crisis management program design and implementation
- Crisis operations command and control support
- Cyber crisis communications and public relations management

EY data protection and privacy capabilities at a glance

[Figure labels: Data protection and privacy assessment, strategy and transformation; Data governance and data ethics; High value asset (HVA) protection; Data protection and privacy awareness and training]

EY data protection and privacy portfolio

EY’s data protection and privacy services and solutions are designed to help organizations protect their information over the full data lifecycle – from acquisition to disposal. Our service offering helps organizations stay up to date with data security and data privacy good practices, as well as compliance with regulation, in a constantly evolving threat environment and regulatory landscape. In the event of misuse or breach of personal information, our services can help companies forensically identify the scope and nature of the misuse or breach, and take steps to remediate and report on the event.

Benefits

Our portfolio of services support a more effective, maintainable data protection and compliance management posture, helping reduce associated costs. Moreover, it assists in protecting brand reputation through the protection of business, customer and other sensitive or regulated information. It empowers organizations to more effectively avert costly data breaches, and reduces risks of non-compliance that might lead to fines from regulators. If a breach should occur, our services will help companies remediate the breach and meet reporting obligations timely.

EY data protection and privacy services

Data protection and privacy assessment, strategy and transformation
Services to measure, design and improve the overall data protection and privacy strategy program and its governance.

Data governance and data ethics
Services to measure, design and improve the data governance program. Support of data ethics strategy.

High Value Asset (HVA) Protection
Services to design and implement HVA protection programs, including identifying, classifying, governing and securing high value information.

- Maturity assessments and benchmarking
- Data governance
- Personal data compliance assessment through data analytics
- Data governance strategy
- Data ethics assessment
- Assessment and remediation services related to regional, national, industry data protection and privacy regulations
- Data ethics strategy
- Policies and procedures
- Program design, build and operate
- Data exposure assessment
- Access monitoring
- Data ownership
- Data management
- Strategy, roadmap and architecture design
- Policies, procedures, notices, and consent management
- Data classification models and strategies
- Data labelling and tagging methods and approaches
- Data handling methods and approaches
- High value information asset identification, crown jewels identification across business units and functions
- Trade secret and intellectual property protection
- Program governance and business alignment
- Insider threat assessment and protection
- Program risk assessment and remediation
- Application and system data assessments
- Program design, build and operate
- Data discovery scanning
- Privacy audit
- Incident response planning and design
- Operating model design
- Metrics and program reporting
- Cloud strategy
- PCI compliance services

EY data protection and privacy services

Data protection and privacy technology enablement; Managed services; Data protection and privacy awareness and training

Services to measure, design and improve the overall data protection and privacy strategy program and its governance.

Services to measure, design and improve the data governance program. Support of data ethics strategy.

Services to design and implement HVA protection programs, including identifying, classifying, governing and securing high value information.

- End to end system selection and implementation services for key data protection and privacy solutions
- Data protection technology maintenance and support
- Data protection and privacy awareness strategy design
- Data protection technology rule management and improvement
- Data protection and privacy awareness and training content development
- Data protection:
- Data loss prevention
- CASB (Cloud Access Security Broker)
- Encryption and tokenization
- Information rights management
- Data tagging and labelling
- Privacy:
- Data protection technology event management and response
- IPA/DPO one platform IT maintenance and support
- End to end data subject rights process management
- Data privacy impact assessment execution support
- Consumer rights process automation
- Record of processing activity and data mapping maintenance support
- Governance
- Data breach support
- PIAs, ROPAs, data flows
- Data protection officer outsourcing
- Privacy enhancing technologies
- Contract lifecycle management for vendor processing agreements
- Data deletion
- Data protection and privacy training delivery
- Data protection and privacy workshops design and delivery
- Data protection and privacy wargame delivery

EY identity and access management capabilities at a glance

[Figure labels: Digital identity strategy and assessment; Business integration and intelligence; Identity and access management, privileged and multifactor solution engineering; Managed identity; Digital identity innovation]

EY identity and access management (IAM) portfolio

This set of solutions helps support organizations with their definition of access management strategy, governance, access transformation and ongoing operations. IAM includes the processes and technologies collectively used to manage the lifecycle of digital identities (profiles) for people, systems, services and users, and is a crucial part of keeping a client’s data and key resources protected from cyber attacks and limited to only those who should have access.

Benefits
- Enables digital initiatives at organizations by connecting technologies in use.
- Reduces cyber risks by giving management and directors a clear, granular view of who has access to what resource in the company and a framework for managing that access securely.
- Improves the efficiency of existing tools and processes and identifies opportunities to reduce costs associated with maintaining identities.
- Enables compliance with technical standards, laws, and regulations.
- Enhances user experiences in the access and use of critical systems and data.

EY identity and access management services

Digital identity strategy and assessment
Services to assess, design, and implement a digital identity strategy

Business integration and intelligence
Services to measure, design and improve access management models

Identity and access management, privileged and multifactor solution engineering
Services to design and implement architecture and technology to enable a digital identity strategy

Managed identity
Service designed to transform, run, and, maintain Identity-as-a-service

Digital identity innovation
Services designed to develop and test new identity models and methods

- IAM transformation services
- Application onboarding factory
- Digital identity as a service, solution management
- Rapid prototyping
- System integration and implementation
- Service deployment and transition
- Application onboarding
- Business Identity data analytics Identity and access requirement analysis and remediation architecture and design Strategy and Identity and access roadmap definition cloud, hybrid and on premise Business case development Tools and technology rationalisation, evaluation and selection management operation optimisation
- Access model enhancement (ABAC, RBAC, ERBAC, SoD)
- Reporting and metrics improvement
- Solution migration and optimisation
- Automated testing
- Visualization

EY architecture, engineering and emerging technology capabilities at a glance

EY’s security architecture, security engineering, and emerging technologies services and solutions are designed to help companies protect their organizations from adversaries that would seek to exploit weaknesses in the design, implementation, and operation of their technical security controls, including disruptive technologies in the marketplace (e.g., cloud computing, blockchain, internet of things (IoT)/industrial control systems (ICS) devices, connected automotive, robotic process automation (RPA), etc.)

[Figure: EY security architecture, security engineering, and emerging technologies. Legible labels: Security architecture; Security engineering; Emerging technology transformation; Secure integrations; Security solution development; Security analytics for resilience; Security analytics and architecture; OT/ICS and IoT operations and governance]

Benefits

Our extensive portfolio of services and offerings enables EY to more comprehensively serve our organizations across multiple aspects of their cybersecurity portfolio.

Security architecture services

Security; Technical control design; Secure integrations

Services to measure, design and improve the overall security architecture program and its governance.

Services to measure the effectiveness of an organization’s security architecture, as well as frameworks they have adopted.

Services to design technical security solutions for our organizations, as well as processes to help them do so themselves.

Services to enable our organizations to securely integrate their various corporate entities (e.g., mergers & acquisitions

- Security architecture strategy
- Technical architecture assessments
- Security architecture assessment and design pattern development
- Technical control assessments
- Secure Systems and Software Development Lifecycle (SDLC) process design and implementation
- Secure integration approach design and implementation
- Technology effectiveness assessment
- DevSecOps process design and implementation
- Application security architecture review and assessment
- Proof of value facilitation
- Program design/build/operate
- SABSA (Sherwood Applied Business Security Architecture)
- Technology solution selection and evaluation
- Security technology portfolio rationalization for integrated entities
- Program strategy and roadmap design
- TOGAF (The Open Group Architecture Framework)
- Technology design and implementation
- DevSecOps pipeline integration
- Operating model design
- OSA (Open Security Architecture)
- Application security controls design
- Integration fabric risk assessment and remediation
- Policies and procedures
- Program governance and business alignment
- Program risk assessment and remediation
- Metrics and program reporting
- O-ESA (Open Enterprise Security Architecture)
- Technology strategy and requirements analysis
- Cloud security control design
- Current state security posture assessments before integration
- Integration fabric program design/build/operate
- Metrics and program reporting

Security engineering services

Security technology portfolio management; Secure engineering managed services

Services to measure, design and improve the overall security engineering program and its governance.

Services to implement technical security solutions for our organizations, as well as processes to help them do so themselves.

Services to continuously rightsize our client’s security technology portfolio to maximize value to cost.

Services to continuously manage the security infrastructure for our organizations

- Security engineering strategy
- Policies and procedures
- Program governance and business alignment
- Program risk assessment and remediation
- Program design, build and operate
- Program strategy and roadmap design
- Operating model design
- Metrics and program reporting
- Use case workshops/definition
- Technology requirements analysis
- Technology solution selection and evaluation
- Technology design and implementation
- Technology deployment planning
- Technology operational processes creation
- Engineering documentation creation (e.g., schematics, diagrams, processes, procedures)
- Technology migration [SIEM]
- Technology uplift [Follow-up to prescriptive value path assessment]
- Application security controls implementation
- Secure SDLC
- Cloud security solution design and implementation
- Current state security technology assessment
- Use case analysis
- Scope of deployment analysis
- Utilization analysis
- Cost analysis
- Future state recommendations based on analysis
- Security technology product management
- Security technology product deployments
- Security technology product upgrades
- Security technology product configuration changes
- Security technology product decommissions
- Cloud security monitoring

Emerging technology services

Security solution development
Services to measure, design and improve the overall state of security for emerging technologies.

Technical assessment, implementation and integration
Services to assess the security of an emerging technology, implement changes to improve its security, and integrate the technology.

Security analytics for resilience
Services to apply advanced analytics to technical, network and systems configuration data to develop sustainable, data driven dependency mapping to effectuate resilience capabilities.

Security analytics and architecture
Design and implementation of bespoke analytics use cases and big data services to support client’s security and business strategy.

- Point of view creation
- Use case workshops and definition
- Data source assessment
- Custom analytical models
- Data driven asset mapping
- Data centralization
- Technology requirements analysis
- Use case workshop design and implementation
- Architecture design
- Technology solution selection and evaluation
- Program strategy and roadmap
- Alliance potential validation
- Security solution creation
- Go to market materials
- Policies and procedures
- Program risk assessment and remediation
- Program design, build and operate
- Program strategy and roadmap design
- Operating model design
- Metrics and program reporting
- Proof of concept/pilot
- Technology design and implementation
- Technology deployment planning
- Engineering documentation creation (e.g., schematics, diagrams, processes, procedures)
- Network segmentation
- Infrastructure configuration analysis
- Metrics and reporting

Emerging technology services (OT/ICS, IoT, Cloud)

Emerging technologies transformation; OT/IoT security by design; OT/IoT implementation and integration; OT/ICS IoT operations and governance

Security transformation programs driven by OT, IoT, cloud, and “smart” technologies

Secure design and implementation of OT, IoT, cloud and other “smart” technologies.

Integration, convergence, standardization and harmonization across the organization to achieve successful management of cyber security with embedded OT/ICS and IoT technologies

Services to implement technical security for OT/IoT

- OT/IoT cyber transformation programs
- OT/IoT security strategy
- OT/IoT transformational roadmap
- OT/IoT-specific processes and standards development
- Protection services (security assessments and penetration tests of emerging technologies with specific threat assessment [e.g., IoT, cloud impact])
- OT/IoT environment detection and monitoring, OT SOC, incident response
- OT/ICS and IT security integration and convergence.
- IT/OT network segmentation
- OT extension of cyber security services (e.g., backup management, anti-malware, active directory, asset management, vulnerability management, remote access)
- IT/OT operating model design - security operations to prevent, detect, respond and recover from attacks
- OT/IoT laboratory services (design, use, setup and implementation support)
- OT organization structure definition of security roles, responsibilities and services to achieve risk management objectives
- OT security service operations
- OT/IoT managed services
- OT security sourcing, insourcing, outsourcing
- Smart sensors and actuators, cloud and IoT platform, connectivity assessment and protection
- OT/IoT security project and program management
- Smart buildings and city protection
- Process safety (e.g., SIS/ESD systems)
- Smart factory and industry 4.0 protection
- IT/OT network segmentation architecture
- OT asset management
- IoT architecture
- Cloud architecture
- SDLC and product security/connected products
- OT security service catalogue
- OT/IoT security dashboards and KPIs
- Regulatory requirements (EU NIS Directive, NIST CSF)

EY next generation security operations and response capabilities at a glance

EY next generation security operations and response portfolio

EY’s next generation security operations and response services along with a deep portfolio of advisory, implementation and managed services, can help organizations build a transformation strategy and roadmap to implement the next generation of security operations, and provide the right amount of support to help you manage world-class security operations in a programmatic way.

[Figure labels (legible): Threat detection and response; Attack and penetration testing; Cyber threat intelligence; Incident readiness and response]

Benefits
- Helps plan, design, build and optimize a world-class security operations center (SOC).
- Identifies and prioritizes capital and operational investments to help organizations apply effective defenses to cyber threats.
- Delivers just in time on-site support and remote incident response support to help quickly contain, eradicate an intruder that has compromised a client’s digital assets and implement enhanced defenses to reduce risk going forward.
- Accelerates and sustains threat and vulnerability management effectiveness.
- Identifies vulnerable systems and networks through controlled penetration tests, dynamic and static application testing and helps organizations remediate to their acceptable risk tolerance.
- Monitors and responds to advanced threats via market leading technology and intelligence.
- Discover and manage critical system vulnerabilities which can act as points of entry into the environment.

The EY advantage

Speed to maturity
Ability to move your program up the maturity curve rapidly with proven methodologies, processes and technology

Lower start-up costs
No need for investment into significant staff and up-front capital to increase maturity

…ns assure that a program is optimized to address risk within the context of the organization’s risk appetite

Access to sector specific innovation
Resources offer sector-specific knowledge and multidisciplinary experience and access

…ilitates cybersecurity trust into every business initiative from the beginning

Delivers integrated solutions aligned to business needs, not point solutions which add complexity and cost over time

Faster response time
Optimize processes and efficient operations to speed up response to crises

Ernst & Young LLP

EY | Assurance | Tax | Strategy and Transactions | Consulting

About EY

EY is a global leader in assurance, tax, strategy, transaction and consulting services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. For more information about our organization, please visit ey.com.

Ernst & Young LLP is one of the Indian client serving member firms of EYGM Limited. For more information about our organization, please visit www.ey.com/en_in.

Ernst & Young LLP is a Limited Liability Partnership, registered under the Limited Liability Partnership Act, 2008 in India, having its registered office at 22 Camac Street, 3rd Floor, Block C, Kolkata – 700016

2020 Ernst & Young LLP. Published in India. All Rights Reserved.

EYIN2012-006
ED None

This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.

SN18
