Cyber security framework/compliance assessment: Focusses on our clients’ ability to comply with industry standard frameworks such as The National Institute of Standards and Technology cybersecurity framework (NIST CSF), Control Objectives for Information and Related Technologies (COBIT), International Organisation for Standardisation (ISO) and other relevant information security regulatory frameworks. By assessing current-state security control processes, we assist clients in identifying needs, strengths and weaknesses in the current environment as compared to peers and determining future business processes and technology that will be needed in order to enhance the cyber security function over time.
Cyber Maturity Assessment (CMA): KPMG’s CMA is a unique offering that incorporates our insight into leading cyber practices from the public and private sectors. The assessment is targeted at boards and executives to assist with appropriate board-level reporting and communications. The CMA framework is based on a combination of internationally accepted standards (such as NIST CSF, ISO and COBIT) and can be tailored to the specific requirements of our clients yet is comprehensive in its ability to address key dimensions that together provide an in-depth view of an organisation’s cyber maturity.
Cyber strategy and target operating model development: KPMG’s cyber strategy and target operating model service provides clients with an efficient method to establish a security strategy, quantify risks, evaluate true cost and determine effectiveness of their current security programme. Driven by an assessment of core capabilities across people, process and technology, clients will gain an understanding of their current security capability maturity, which will then drive the creation of a tailored target operating model.
Cyber key performance indicator, metrics and dashboarding: Helps security organisations establish a consistent, repeatable and mature process for reporting cyber security performance at all levels—to the board, executive management and information security leadership.
Third-party security risk management: The third-party security risk management service assists our clients with the design and execution of a third-party security assessment programme. This service provides clients with a risk triage model, representative assessment questionnaires, and a centralised coordination and reporting office to assist our clients in conducting assessments of their vendors, suppliers and other third-party business partners across the globe.
Business resilience: KPMG’s business resilience service assists clients with the development and deployment of a Business Continuity Management (BCM) programme, including emergency response, crisis management, business continuity and technology recovery. Key steps include understanding recovery priorities and requirements through business-impact analysis, developing continuity strategies and plans and performing regular exercising, testing and maintenance of strategies and plans.
Information and data governance: KPMG’s approach to information governance begins with an intimate understanding of industry issues and business processes. We use a DC2 (Define, Clean, Discover, Change) approach to assess and improve information governance capabilities. Privacy regulations and compliance requirements have exploded in the past few months.
Data privacy and protection services: Our clients are struggling with designing, building and sustaining privacy programmes that meet employee, customer and regulatory expectations. Similar to privacy concerns, corporate retention and disposition obligations are fast evolving and changing. Organisations must develop policies and implement technology enablers to facilitate the effective lifecycle management of records and data.