Cyber security framework/compliance assessment
- This service offering focuses on our clients’ ability to comply with industry-standard frameworks such as NIST CSF (Cybersecurity Framework), COBIT, ISO, and other relevant information security regulatory frameworks.
- By assessing current-state security control processes, we assist clients in identifying needs, strengths, and weaknesses in the current environment as compared to peers, and in determining the future business processes and technology needed to mature the cybersecurity function.
Cyber Maturity Assessment (CMA)
- KPMG’s Cyber Maturity Assessment (CMA) is a unique offering that incorporates our insight into leading cyber practices from the public and private sectors.
- The assessment is targeted at Boards and Executives to assist with appropriate Board-level reporting and communications.
- The CMA framework is based on a combination of internationally accepted standards (e.g., NIST CSF, ISO, COBIT) and can be tailored to the specific requirements of our clients, yet is comprehensive in its ability to address six key dimensions that together provide an in-depth view of an organization’s cyber maturity.
Cyber strategy and target operating model
- The KPMG cyber strategy and target operating model service provides clients with a comprehensive method to establish a security strategy, quantify risks, evaluate true cost, and determine the effectiveness of their current security program.
- Driven by an assessment of core capabilities across people, process, and technology, clients will gain an understanding of their current security capability maturity, which will then drive the creation of a tailored Target Operating Model.
Cyber key performance indicators, metrics, and dashboarding
- KPMG’s CISO metrics and reporting service helps security organizations establish a consistent, repeatable, and mature process for reporting cybersecurity performance at all levels — to the Board, executive management, and information security leadership.
Information and Data Governance
- KPMG’s approach to information governance begins with an intimate understanding of industry issues and business processes. KPMG uses a DC2 approach (i.e., Define, Clean, Discover, Change) to assess and improve information governance capabilities. Privacy regulations and compliance requirements have exploded in the last 12 months.
Data privacy and protection
- Our clients are struggling with designing, building, and sustaining privacy programs that meet employee, customer, and regulatory expectations. Similar to privacy concerns, corporate retention and disposition obligations are fast evolving and changing. Organizations must develop policies and implement technology enablers to facilitate the effective lifecycle management of records and data.
Third-party security risk management
- The third-party security risk management service assists our clients with the design and execution of a third-party security assessment program.
- This service provides clients with a risk triage model, representative assessment questionnaires, and a centralized coordination and reporting office to assist them in conducting assessments of their vendors, suppliers, and other third-party business partners across the globe.
Business resilience
- KPMG’s business resilience service assists our clients with the development and deployment of a business continuity management (BCM) program, including emergency response, crisis management, business continuity, and technology recovery.
- Key steps include understanding recovery priorities and requirements through a business impact analysis, developing continuity strategies and plans, and performing regular exercising, testing, and maintenance of those strategies and plans.