The increasing dependence on technology for core business processes (IT-enabled transformation) makes information confidentiality, integrity, and availability essential and creates the need for effective, risk-based information security planning.
KPMG's technology advisers can assist clients in:
- Conducting Risk Assessments by identifying technology threats & vulnerabilities and evaluating business impact (BIA) and compliance exceptions. In particular, we provide penetration testing and vulnerability scanning services to help our clients identify key vulnerabilities and risks.
- Designing enterprise-wide Security and Continuity strategy and architecture based on industry standards and security control frameworks (e.g. ISO/IEC 2700x)
- Developing and managing an Information Security Programme
- Developing business continuity and disaster recovery plans
- Implementing security solutions for mitigating key technology risks such as those related to access control/management.
In this respect, KPMG in Greece provides security services classified in service categories as follows:
- Information Protection Strategy, Governance and Policy - Includes our services related to designing information protection (security) strategy, governance structures, control framework design, organizational design, policy assessment and development services
- Business and Technology Assessment - Includes all security testing, enterprise security assessments, business risk assessments (incl. Business Impact Assessments (BIA) and Threats & Vulnerabilities Analysis (T&VA)), physical security and unified IT compliance and testing projects. Security testing services (incl. penetration testing and vulnerability scanning) employ automated and manual testing techniques to help assess a client’s technical controls around their infrastructure, systems and applications.
- Business and Technology Resilience - Includes all BCM, BCP, DR, Crisis Management & High Availability
- Identity and Access Management - Includes all IAM services including Strategy, Process Optimization, Project Management, and Technology Implementation
- Information Governance and Privacy - Includes all data classification, data flow analysis, data control frameworks, privacy strategy, privacy assessments, and information lifecycle management solutions
- Information Protection Architecture - Includes all of our enterprise security architecture, information protection architecture design & implementation.
KPMG is uniquely placed to assist your Organization in Information Security, as:
- We know the Industries and vertical Markets we serve and can leverage our skills and knowledge globally to help address your issues and deliver real value and service to your organization.
- We operate a global security practice that can support your global needs locally if required. We focus on delivering pragmatic solutions leveraging the broadest range of truly independent specialist skills in the market.
- We have deep knowledge and experience in performing information security and risk assessment assignments. KPMG has undertaken various ISO/IEC 27001 reviews and certifications as well as assessments of the impacts of specific regulations. We have extensive experience in assisting our clients to assess all aspects of Information Security including the identification of gaps. These have been supplemented by roadmaps for change detailing the remedial actions required to raise information security to an acceptable level.
- The specific tools, technical work programs and methodologies we can bring to an engagement have been built up over many years and include leading libraries and databases of best practice compliance processes and security standards against which to review your approach and infrastructure respectively.
- We have people who are extremely well qualified in Information Security. We will provide you with a team of specialists experienced in information security, operational risk, regulatory risk and IT effectiveness. Our team will provide experience and expertise in the areas you require but will also work as an integral part of your own team throughout a project.
- We are a truly independent advisor and consequently we would be able to work with you through to implementation of our recommendations unimpeded by potential regulatory or other restrictions.