Cyber security

KPMG Cyber Security team provides independent, jargon-free advice and advanced technology capabilities to help you manage your technology risks.

The digital environment presents opportunities for businesses that want to seek out new markets and are prepared to invest in transformational change. The last ten years have seen a rapid emergence of new technology, greater connectivity for organisations and individuals, and a 24/7 approach to global commerce. However, this has left many organisations behind the curve and struggling to achieve their business aspirations without feeling exposed to cyber security risk.

The constantly evolving threat landscape means that cyber risk is an everyday business consideration. This undoubtedly creates a feeling of vulnerability, which has been leveraged by some to increase budgets and to sell products. We have often found that this results in significant sums being invested in ineffective programmes with poor alignment to risk and business imperatives. Cyber security is not a quick technical fix, nor is it a matter solely for the IT department.

At KPMG we see all too often that these behaviours leave leadership wondering what they really need to do, how much is really enough and who they can trust to help them get it right.

We believe that turning traditional thinking on its head and adopting a positive approach to managing cyber risk will set organisations free to achieve their business aspirations.

How we can help
KPMG’s Cyber Security practice provides independent, jargon-free advice and advanced technology capabilities to help you proactively and reactively manage your technology risks:

  • Security Governance and Risk Management, including security governance assessment, Cyber Maturity Assessment (CMA), privacy risk and maturity assessment, Privacy Impact Assessment (PIA), security risk assessment, cloud risk assessment, Mobile Chief Information Security Officer (CISO), security awareness training, steering committee and board participation
  • Certification and Assurance, including NZISM and PSR assessments, third party assurance e.g. ISAE 3402 and SAE 3150, security assurance program development, ISO 27001 and ISO 22301 accreditation, PCI DSS advisory, Technical Quality Assurance (TQA), certification and accreditation services
  • Security Testing, including penetration and red team testing, vulnerability assessment, secure code review, accelerated user access training, physical security assessment, system and infrastructure configuration testing, wireless security review, go-live readiness assessment, social engineering testing, data loss assessment
  • Security Architecture and Design, including security roadmap development, security architecture advice and development, security policy and standards development, Information Systems Security Plan (ISSP) development, Secure Systems Development Life Cycle (S-SDLC) advisory, threat modelling, security project delivery and quality assurance, business continuity and disaster recovery planning
  • Computer Forensics and Incident Response, including security incident response, computer forensics, electronic evidence preservation, cyber crime investigations.

 
