Information Protection & Business Resilience
Effectively managing and protecting clients’ most valuable data against growing cyber-criminal risk, and providing support to reduce corporate...
Cyber risk that threatens business has increased and become the main concern on the agenda of the board of directors (BOD) and management. The Samjong KPMG Cyber Security Center, through the key areas outlined below, serves to defend customers, interested parties, and management against evolving cyber threats.
Globally, laws and regulations have been reinforced to protect personal information, and local laws have also expanded the scope of privacy and strengthened corporate responsibilities. Most corporations handle personal information extensively, so the management of privacy has become a company-wide problem rather than the responsibility of a single department. When an incident occurs, it is therefore treated with extreme seriousness, as it is directly related to corporate survival and can cause significant reputational damage.
KPMG Personal Information Service can help corporations take the appropriate measures to prevent misuse, disclose properly, and, through ongoing management, comply with legal requirements as they obtain and manage personal information. In order to strengthen company-wide privacy, the following must occur.
- Identify the status of personal information security in the company and its vulnerabilities.
- Build up the system and integrated management framework to identify practical controls and the current status of personal information security.
Data Privacy Governance
Establishing a sound company-wide enterprise cyber security scheme that enhances the level of security in regard to people, processes and technology provides a competitive business advantage. It is important to treat information security as one of the key considerations when making business decisions, by internalizing a cyber security and information security culture in the company.
- Establishing Information Security Governance (Governance, Risk management, and Compliance; GRC) : It is difficult to respond effectively to business risk across the enterprise when risk management and compliance have been managed at the department level or the individual project level, or when solutions focusing on governance, risk and compliance were only partially implemented. Samjong KPMG provides advisory service to build a company-wide integrated system so that a company can easily comply with regulations and proactively respond to business risks associated with changes in the business environment.
- Security Strategies : With comprehensive IT support solutions in diverse industries and businesses, Samjong KPMG provides advisory on security strategy, encompassing vision, control framework, and a company-wide employee awareness program.
- Corporate-wide Security Architecture : Samjong KPMG provides advisory service for the design and implementation of security systems to reduce the cost of compliance and to select optimal solutions.
Information Security Certification
Recently, there has been an emphasis on self-regulation in compliance, with regulators putting the burden of responsibility on management to implement an effective preemptive action plan to ensure compliance. In addition, the rapid growth of the cloud market and the global mobile payment service industry has created demand for compliance with global practices, so it is essential to establish systematic security governance and to acquire credibility internally and externally through third party assurance. Samjong KPMG provides advisory service on global security certification and security management systems to enhance the level of corporate security and to meet domestic and international compliance requirements.
- PCI-DSS Certification Advisory : PCI Security Standards Council sets the industry standards that credit card companies need to follow for the purpose of prevention against credit card fraud or information, and we provide services for preparation and acquisition of certification in accordance with the standards.
- PIMS/IMS certification system : Provides services to our clients who wish to obtain certification by assisting with the preparation process and establishing the appropriate protective measures.
- Advisory global certification, i.e. ISO27001 : Provides enhanced sustainable security infrastructure.
- Cloud Service Certification (FedRAMP) : Provides services to our clients who wish to obtain the information security certification for corporate cloud products/services that was launched by the US Federal Government.
Data privacy requires establishing a preemptive action plan to prevent disclosure of information and revisiting the appropriateness of the current level of compliance, in order to protect data privacy in consideration of the stricter regulatory environment.
- Establishing global privacy governance structure : Establish privacy governance structure in consideration of benchmarked global best practices, the client’s needs and regulatory compliance.
- Data Privacy comprehensive diagnostic advisory service : Can help establish a preemptive response system based on the existing system and controls on data privacy and an analysis of their appropriateness. In addition, by considering the data privacy retention period, our team analyzes the current management status and identifies the areas of improvement in accordance with regulatory requirements. As a result, a managerially and technically optimized system is achieved.
Industry Privacy Protection
Cyber threats have constantly increased as technology continues to progress and the business environment changes. Corporations also face internal and external threats of leaks of customer information, employee information, and corporate intellectual property. Samjong KPMG supports the establishment of information leakage prevention/monitoring systems based on the internal information retention period, targeting companies that need to protect critical business information and maintain their competitive advantage.
- Identifying Security Risk : We provide a service to diagnose a company’s data security through analysis of the current data security system and to locate vulnerabilities and identify the areas of improvement, which includes identifying important documents / information systems in accordance with the corporate environment. In particular, we establish a security action plan through analysis of the current industry confidential data security system and locate vulnerabilities to identify the areas of improvement for industry confidential data.
- Risk Response Strategies : Establish the security risk challenges, operational readiness, security framework and master plan based on the identified security risk.
- Enforcing Security : Establish a sound security system through analysis of the current effectiveness of access controls and the CCTV system.
Cyber-attacks are increasing and becoming more sophisticated as time goes on. Recently there has been an increased number of incidents targeting corporations that can be classified as Advanced Persistent Threat (APT), with a clear political and economic motive. Samjong KPMG provides vulnerability diagnosis and mock hacking for system/web/network/mobile/IoT based on proven methodologies for cyber-attack response.
- Diagnose Infrastructure Security / analysis and evaluation of vulnerability in the financial sector : Analyze the current security status of the OS, DBMS, and WEB/WAS of servers and locate vulnerabilities to identify the areas of improvement.
- Web/Mobile Penetration Testing : We provide countermeasures to prevent and block both internal and external threats and security incidents through penetration testing of the client’s website and mobile application.
- Red Team + Advanced Penetration Testing : In addition to web/mobile/infrastructure penetration testing, we perform tests to locate vulnerabilities related to internal penetration of systems, data security, and system errors, followed by comprehensive penetration testing.