The Federal Office for National Economic Supply (FONES) has published the ICT minimum standard for the protection against cyber risks. This catalogue specifies cybersecurity standards that protect information and communication technology (ICT) systems and data from unintended or unauthorised access, or from damage or destruction.
Security is simply a resource allocation decision based on risk, but in order to communicate the value of your security programme and position yourself and your security organisation for success, you must be able to strategise and align with business needs.
“With our outstanding team of security professionals and advisors, we can support you in assessing your current security programme maturity and accompany you on your security transformation journey.”
To start your cybersecurity transformation, we first build a holistic, independent overview of your cybersecurity programme and of its policies, practices and governance.
PwC’s Cybersecurity framework is a comprehensive and flexible approach for the development, delivery, communication and maintenance of an enterprise-wide cybersecurity programme. It is based on a proven combination of industry standards such as ISO, NIST, as well as PwC’s own real-world experience.
Understand the strategy and guiding principles of your global cybersecurity programme, your business-critical systems and data («Crown Jewels»), the potential impact of a compromise and the relevant threats and risks against these assets.
Assess your present and future cybersecurity readiness, based on your threat environment. Define a risk-informed target state and perform a gap analysis of the actual and the recommended target state.
Assist in the development of your high-level roadmap and resource requirements to increase cybersecurity programme maturity as a part of assessment reporting.
PwC’s Cybersecurity assessment framework allows you to customise the assessment of your security programme. It can be based either on an analysis of your programme governance and processes or on evidence. Cybersecurity Risk Maturity Assessments and Cybersecurity Technical Maturity Assessments analyse your programme across people, processes and technology, using the PwC Cybersecurity framework as a reference.
While we use industry recommendations and standards to compare your maturity against a proposed target state, we help you to benchmark against peers of your market and size. We conduct interviews and workshop-based assessments of your current capability maturity levels, analyse your risk management processes and capabilities, and assess your existing cybersecurity governance framework. PwC’s assessment framework can also analyse your resilience by looking ahead, comparing existing capabilities against a changing business strategy of your organisation and a changing threat landscape.
Test your systems in real-world conditions with an evidence-based assessment (ethical hacking) to evaluate your resilience to threats. The technical assessment typically includes reconnaissance using Open Source Intelligence (OSINT) data gathering, a tailored social engineering attack (e.g. a phishing attack including malware that breaches your internal network) and Red Teaming activities on your internal network based on a predefined scenario (e.g. trying to connect to our command and control server, performing a network scan, escalating privileges to get domain administrator credentials, attempting to exfiltrate data, etc.).