
Cyber defense

Technical cyber security assessments (VA/PT, application and mobility security)

  • KPMG in India assists organisations in identifying vulnerabilities present in their wired or wireless, as well as network or application, infrastructure and in developing actionable remediation recommendations.
  • We can also assist organisations in assessing or developing a threat and vulnerability management programme aligned to their industry and investment appetite, or in assessing their service provider or approach to addressing the changed threat landscape and new technology platforms.

Security review of components (firewalls, network devices, databases)

  • KPMG in India assists organisations in identifying security misconfigurations present in their wired or wireless network or application infrastructure and in suggesting actionable remediation recommendations.
  • Through discussions with staff, critical components are identified and prioritised. Depending on requirements, we will then resource the relevant skills.

Industry-specific operational technology security assessment and testing (power, energy, telecom, healthcare, payment channels)

  • With the convergence of Information Technology - Operations Technology (IT-OT) systems, cyber threats and attacks are now successfully targeting OT ICS, Supervisory Control and Data Acquisition (SCADA) or even PLC RTC.
  • KPMG in India works with clients to design an effective ICS security framework, including a cyber-governance structure, ICS security policy, procedures and control system incident-response management.

Data breach remediation

  • KPMG’s Data Identification and Remediation service offering leverages technology to provide secure management of critical and confidential data.
  • KPMG professionals index data throughout our clients’ enterprises, identifying redundant, obsolete, and trivial data (ROT) for remediation while at the same time helping to secure the business-critical data, safeguarding it from loss and making it available for use in the business decision-making process.
  • We have worked with large power utility, energy, oil and gas organisations to secure their OT environment and identify security threats in the use of legacy solutions.

Red teaming/blue teaming advisory

  • Red teaming is a multi-layered attack simulation designed to measure how well an organisation’s people, networks, application and physical security controls can withstand an attack from a real-life adversary.
  • Red teams are external entities brought in to test the effectiveness of a security programme. This is accomplished by emulating the behaviours and techniques of likely attackers in the most realistic way possible. In a red-team assessment, only the high-level stakeholders at the CEO and CTO levels are informed.
  • Blue teams refer to the internal security team that defends against both real attackers and red teams. Blue teams should be distinguished from standard security teams in most organisations.

Cyber drills

  • An organisation may make every possible effort to prevent a cyberattack. It may have the best possible technology and process controls. An attack may still be successful.
  • In such an event, it always helps to be prepared. Most organisations concentrate only on the preventive and detective controls and fail to strengthen their reactive controls. Most business continuity and disaster-recovery plans do not consider cybersecurity risks or their resilience plans.
  • Organisations need to evaluate if their staff is adequately equipped to detect, defend, contain and respond to a cyber incident.
  • Organisations should periodically evaluate their cyber incident response capabilities. This can happen via mock cyber war drills or simulation exercises.
