Organizations today are under increased pressure for continuous evaluation of their performance and for digitally transforming their operations. Pressure may come from national or international developments, shareholder requirements, government legislation and regulatory developments. In such a challenging environment, organizations must be able to align their business and IT strategy, make timely decisions based on accurate information, achieve improved performance and enhance financial management. 

At the same time, this new business paradigm introduces cyber security risks that must be properly identified and mitigated to ensure business resiliency. Information and cyber security involves management of risk, comprehensive reporting and continuous improvement. Effective security requires the active engagement of senior management to assess emerging threats and provide strong leadership. As threats and risks are subject to change, continuous assessments and improvements of the organization’s security capabilities must be considered.

In this extent, we understand that several cyber investments have been made organizations in the past to ensure that risks are minimized to the lowest possible degree. However, with the continuous changes of the threat landscape, we feel that a strategic advisor could add value by showcasing the rationale behind past and new investments, as well as guide you through a never-ending cyber response modus operandi.

Challenges meriting attention might be how to…

  • Provide top management with readily available information as to the effectiveness of the cyber investments 
  • Automate the process of assessing the cyber maturity status of the organization and of your crown jewels
  • Document the alignment of cyber to organizational-wide objectives
  • Quantify risks and analyze them based on rationalized planned investments
  • Maintain a continuous, round the clock assistance in case of a cyber incident to ensure business resiliency

So what can we do to enhance your internal capabilities?

At KPMG we are listening closely to our client demands to design solutions addressing modern day cyber challenges and the need to operationalize the cyber governance framework.

Understanding current posture – Cyber Maturity Assessment (CMA)

CMA is a KPMG proprietary methodology based on leading information security frameworks, such as Information Assurance Maturity Model (IAMM), the American National Standards Institute (ANSI) Financial Management of Cyber Risk, industry frameworks such as ISO 27001 and NIST (including Cyber security framework, 800 53, etc.) and other such standards, combined with our global insight of leading practices in risk management and cyber security.

Offered through a web-based assessment platform, CMA provides efficient assessment delivery by easy web access and option for delegation of questions, flexible adaption of controls and question catalogue to individually match your needs, as well as intuitive web interface with interactive charts and export functionality bundled with secure storage of data by using strong encryption and data center locations only within EU.

Our CMA offering comes into three distinct flavors: 

  • CMA Lite: A quick one-week engagement that will provide you with a top-level view of your organization’s cyber maturity
  • CMA Advanced: A drill-down approach encompassing a thorough investigation. Engagement requires the organization to briefly explain operations for domains in scope of the assessment
  • CMA Platinum: A full-blown, comprehensive assessment with proof of operational effectiveness of defined controls

Monitor posture – Continuous Control Monitoring (CCM)

Having worked as information security officers in large organizations, we always strived to find the means to consolidate the multitude of information produced by the underlying infrastructure in an attempt to identify pain points and direct our efforts towards their prompt resolution. 

CCM introduces the adoption of a single pane of glass management solution to (a) monitor compliance against standards, regulations and best practices and (b) focus on policy violations to direct administrators in resolving issues before any escalation is required.

Our CCM solution is backed by the leading technology platform created by CyberObserver, the premier continuous controls monitoring (CCM) and cloud security posture management (CSPM) solution available in the market. The platform enables security and risk management leaders to continuously monitor their enterprise tools and align their cybersecurity posture with major frameworks, regulations, and standards on-premise and in-cloud.

We offer our prospects a complementary one-month pilot so that they can verify the benefits of KPMG’s CCM solution in a hassle-free manner.

Respond to threats – Cyber Response services

We always believed that organizations should draw away from the mantra of “it is not a question of if I will be hacked but when” and operate under the paradigm of “malicious users are already inside the organization and we need to maintain business resiliency”. This new modus operandi requires the establishment of a cyber hygiene, continuous cyber vigilance and prompt identification and response to cyber incidents.

Having assisted a variety of clients in responding to incidents like ransomware infection, business email compromise (BEC), data leakage and so on, KPMG offers a holistic, round the clock cyber response coverage through Readiness, Response and Post-breach services, complemented by our cyber hotline.

Our offering comes into three distinct flavors: 

  • Bronze: A pay-as-you-go ad hoc involvement
  • Silver: A continuous support offering coupled with a thorough on-boarding process
  • Gold: A value-add proposition to ensure peace of mind