Technical cyber security assessments (VA/PT, application and mobility security)
KPMG in India assists organisations in identifying vulnerabilities present in their wired or wireless network or application infrastructure and in developing actionable remediation recommendations.
We can also assist organisations in the assessment or development of a threat and vulnerability management programme aligned to your industry and investment appetite or assess your service provider or approach to address the changed threat landscape and new technology platforms.
Security review of components (firewalls, network devices, databases)
KPMG in India assists organisations in identifying security misconfigurations present in their wired or wireless network or application infrastructure and in suggesting actionable remediation recommendations.
Through discussions with staff, critical components are identified and prioritised. Depending on requirements, we will then resource the relevant skills.
With the convergence of Information Technology - Operations Technology (IT-OT) systems, cyber threats and attacks are now successfully targeted at OT ICS, Supervisory Control and Data Acquisition (SCADA) or even PLC RTC.
KPMG in India works with clients to design an effective ICS security framework, including a cyber-governance structure, ICS security policy, procedures and control system incident-response management.
Data breach remediation
KPMG’s Data Identification and Remediation service offering leverages technology to provide secure management of critical and confidential data.
KPMG professionals index data throughout our clients’ enterprises, identifying redundant, obsolete, and trivial data (ROT) for remediation while at the same time helping to secure the business-critical data, safeguarding it from loss and making it available for use in the business decision-making process.
We have worked with large power utility, energy, oil and gas organisations to secure their OT environments and identify security threats in the use of legacy solutions.
Red teaming/blue teaming advisory
Red teaming is a multi-layered attack simulation designed to measure how well an organisation’s people, networks, applications and physical security controls can withstand an attack from a real-life adversary.
Red teams are external entities brought in to test the effectiveness of a security programme. This is accomplished by emulating the behaviours and techniques of likely attackers in the most realistic way possible. In a red-team assessment, only the high-level stakeholders at the CEO and CTO levels are informed.
Blue teams refer to the internal security team that defends against both real attackers and red teams. Blue teams should be distinguished from standard security teams in most organisations.
An organisation may make every possible effort to prevent a cyberattack. It may have the best possible technology and process controls. An attack may still be successful.
In such an event, it always helps to be prepared. Most organisations concentrate only on the preventive and detective controls and fail to strengthen their reactive controls. Most business continuity and disaster-recovery plans do not consider cybersecurity risks or their resilience plans.
Organisations need to evaluate if their staff is adequately equipped to detect, defend, contain and respond to a cyber incident.
Organisations should periodically evaluate their cyber incident response capabilities. This can happen via mock cyber war drills or simulation exercises.