Transcription of EY Cyber Security and Data Privacy
1 EY Cyber Security and Data Privacy Facilitating trust and shaping the future of Cyber Security In a nutshell EY. Cybersecurity EY Cybersecurity enables trust in systems, design and Security by data, so that organizations can take more risks, make Design transformational changes and enable innovation with confidence. Sector-based Strategy, solutions Next We accomplish our mission by developing solutions Risk, Generation that can be used to assure Security and resilience of Compliance key business transformation initiatives and/or business Security and Resilience Operations functions. Competencies Architecture, Data Engineering and These solutions are built using talent, experience and Protection and Privacy Emerging capabilities which reside within our 5 competencies. Identity and Technology Access Management We deliver solutions to our customers as part of a design, implementation or run phase of an engagement.
2 Page2 An overview of our EY Advisory Cybersecurity services 8 December 2020. Cybersecurity and business resilience overview EY Cybersecurity enables trust in systems, design and data, so that organizations can take more risks, make transformational changes and enable innovation with confidence. Cyber Data Identity and Architecture, Next strategy, risk, protection and access engineering and generation compliance and Privacy management emerging Security resilience technology operations and response These solutions help These solutions are These solutions are These solutions are These solutions help organizations designed to help designed to help designed to help organizations evaluate the organizations protect organizations with organizations protect proactively identify effectiveness and their information over their definition of themselves from and manage risks, efficiencies of their the full data lifecycle access management adversaries that monitor threats, and program in the from acquisition to strategy, governance.
3 Would seek to exploit investigate the context of business disposal. Our service access weaknesses in the effects of real-world growth and offering helps transformation, and design, attacks. These rapidly operations strategies. companies and ongoing operations. implementation, and integrate The solutions apply organizations stay up The solutions help operation of their cybersecurity consistently, to date with data organizations ensure technical Security functions and regardless of where Security and data that the right users controls, including technologies to adapt they are applied (IT, Privacy good validate who they are disruptive to demands. IoT, OT, Cloud), practices, as well as and get access to the technologies in the provide clear compliance with right organization marketplace.
4 Measurement of risks regulations, in a resources. and capture current constantly evolving risks to the threat environment organization and and regulatory demonstrate how landscape. Cyber risks will be managed going forward. Page 3 An overview of our EY Advisory Cybersecurity services EY Cyber strategy, risk, compliance and resilience services at a glance Cyber strategy Cyber risk Cyber compliance Cyber resilience services services services programs EY Security strategy, risk, compliance and resilience portfolio Benefits This set of solutions help organizations Provide a clear picture of current Cyber risk posture and evaluate the effectiveness and efficiencies capabilities, giving management and directors a view of how, of their cybersecurity and resiliency where and why to invest in managing Cyber risks.
5 Programs in the context of business growth Implement and execute a strategy and overarching Cyber and operations strategies. The solutions program that allows for rigorous, structured decision making apply consistently regardless of where they are applied (IT, IoT, OT, Cloud), provide and financial analysis of Cyber risks. clear measurement of risks and capture Achieve and sustain regulatory compliance requirements as the current risks to the organization and outcome of a well-designed and executed Cyber function. demonstrate how Cyber risks will be managed going forward. Each service can Build a more risk aware culture through education and be combined to form a larger program or awareness to minimize the impact of human behaviours. transformation effort. Operate a program that is resilient in the face of ever evolving Cyber threats and digital business strategies.
6 Page 4 An overview of our EY Advisory Cybersecurity services 8 December 2020. EY Cyber strategy, risk, compliance and resilience services Cyber strategy Cyber risk Cyber compliance Cyber resilience services services services services Provides organizations with Quantify Cyber risks to the Helps organizations achieve, Programmatic approach to industry perspective on enterprise in financial maintain and report on identification, evaluation and Security capabilities, terms, perform analysis compliance with an ever- implementation of Cyber supports development of driving business decisions evolving, global Cyber resilience measures. cost optimized operating on Cyber risk treatment and regulatory landscape. models, and supports educate key stakeholders diligence and integration on roles and through M&A lifecycle.
7 Responsibilities. Cyber program Cyber risk management Policies, standards, Secure business continuity accelerator (CPA) Cyber risk quantification processes and guidelines management assessment, Cyber benchmarking and Compliance program strategy and planning Cyber metrics program performance analysis readiness and remediation Secure business continuity Cyber performance Management exercises, Cyber strategy and dashboarding Compliance-as-a-service roadmap simulations and testing Cyber board reporting Cyber certification Cyber operating model Physical Security and Cyber academy Cyber attestation safety and organizational design Cyber cost optimization Security awareness-as-a- Cyber disaster recovery service assessment, strategy and Cyber transformation planning and co-sourcing Cyber marketing hub Nth -party Security risk Cyber disaster recovery Pre-Transaction Cyber and restoration exercises.
8 Assessment and due management simulations and testing diligence Product Security assessment and program Global Cyber disaster Transaction Cyber business restoration and program strategy management recovery surge support Post-transaction Cyber Supply chain Security Evidence-based resilience program stand-up Crisis management program design and implementation Crisis operations command and control support Cyber crisis communications and public relations management Page 5 An overview of our EY Advisory Cybersecurity services EY data protection and Privacy capabilities at a glance Data protection Data Data Data and Privacy High value protection protection governance Managed assessment, asset (HVA) and Privacy and Privacy and data services strategy and protection technology awareness ethics transformation enablement and training EY data protection and Privacy portfolio EY's data protection and Privacy services Benefits and solutions are designed to help Our portfolio of services support a more effective, maintainable organizations protect their information data protection and compliance management posture, helping over the full data lifecycle from reduce associated costs.
9 Moreover, it assists in protecting brand acquisition to disposal. Our service offering reputation through the protection of business, customer and helps organizations stay up to date with other sensitive or regulated information. It empowers data Security and data Privacy good organizations to more effectively avert costly data breaches, and practices, as well as compliance with reduces risks of non-compliance that might lead to fines from regulation, in a constantly evolving threat regulators. If a breach should occur, our services will help environment and regulatory landscape. In the event of misuse or breach of personal companies remediate the breach and meet reporting obligations information, our services can help timely. companies forensically identify the scope and nature of the misuse or breach, and take steps to remediate and report on the event.
10 Page 6 An overview of our EY Advisory Cybersecurity services EY data protection and Privacy services Data protection and Privacy Data governance and High Value Asset assessment, strategy and data ethics (HVA) Protection transformation Services to measure, design and Services to measure, design and Services to design and implement HVA. improve the overall data protection improve the data governance protection programs, including and Privacy strategy program and its program. Support of data ethics identifying, classifying, governing and governance. strategy. securing high value information. Maturity assessments and Data governance Data classification models and benchmarking strategies Data governance strategy Personal data compliance Data labelling and tagging methods Data ethics assessment assessment through data analytics and approaches Data ethics strategy Assessment and remediation Data handling methods and services related to regional, Policies and procedures approaches national, industry data protection Program design, build and operate High value information asset and Privacy regulations Data exposure assessment identification, crown jewels Strategy, roadmap and identification across business units Access monitoring architecture design and functions Data ownership Policies, procedures, notices.
