State of Texas, RFO 550-Cybersecurity Award for KPMG, LLC DIR-CPO-4884
KPMG, LLC DIR-CPO-4884
Available Cybersecurity Services
Below is a list with descriptions and examples of all five functional categories available under KPMG’s Cybersecurity contract.
- Strategy and Governance – Turn risk into mission and business advantage
- Cyber Transformation – Accelerate initiatives in an agile world
- Cyber Threat Management – Confidently seize opportunities
- Cyber Managed Services – Operate with confidence in a digital world
- Cloud Security
Strategy and Governance
Helping clients understand how best to align their cyber agenda with their dynamic business and compliance priorities.
- Cyber Strategy Build & Execution – We provide advisory consulting for CISOs, their C-suites, and boards of directors in the development and implementation of effective strategies for the management of cyber risk across the business and extending into its brands and product portfolios.
- Data Privacy – We help clients struggling with designing, building, and sustaining data protection and privacy programs that meet regulatory obligations for protection and handling of employee and customer personal information, as well as other types of sensitive data. Further, meeting compliance goals at a point in time is not enough: companies must develop, implement and sustain a cross-functional program enabled by technology, to meet compliance goals while balancing business objectives.
- Data Governance and Data Protection – We help our clients gain a clear, centralized view of these assets, classification based on sensitivity, data retention / deletion, and application of technical security controls such as encryption, masking, anonymization and data loss prevention. Our team of specialists provides both strategic assessment and roadmap services, as well as technology implementation, configuration and tuning to help organizations minimize risk and maximize business value.
- Third Party Security – We help our clients mature their third-party security program and realize the value from their third-party security investments. This service includes third-party security program maturity assessment, program design and transformation, third-party security assessments, smart automation using AI enabled frameworks and continuous assessment and monitoring of third parties.
- Cyber Compliance and Program Assessments – We help our clients gain an independent perspective of their ability to manage cyber risk across multiple business functions, not just IT. We document the current state of maturity, recommend a future state with a roadmap to achieve it, and collaborate with clients to execute projects aligned to the roadmap.
Cyber Transformation
Helping clients build, automate, and mature their programs and processes, supported by the right technology, to improve their cyber agenda.
- Cyber GRC – KPMG delivers a wide-ranging set of technology-enabled services to support information security governance, risk, and compliance (GRC) needs for cyber security stakeholders. We help our clients with strategy, implementation roadmaps, GRC tool selection and analysis, process development, and implementation.
- I&AM - Workforce – Enabling access to technology resources in a secure and efficient manner is at the core of a strong cyber security program. We help our clients transform their process and technology to provide their workforce (employees, contractors and business partners) with the access required to enable secure business operations and collaboration.
- I&AM - Customer – Customer Identity and Access Management (CIAM) establishes the identity of the customer and its relationships with a broader business ecosystem, thus providing a 360-degree view of the customer and enabling personalized and secure interaction for the customer with the business. We help our clients enable secure front office transformation for customers and citizens.
- I&AM - Privileged – Privileged accounts have been leveraged in every high-profile breach over the last decade. We help our clients centralize management of sensitive accounts, thereby increasing security through enhanced password complexity and change controls, and improved visibility through logging and auditing controls.
- Zero Trust (A.S.) – We help our clients evaluate, plan and implement programs that help them achieve one or more tenets of a zero-trust security model. This includes efforts around I&AM, endpoint strategy and network segmentation work.
- Security architecture (A.S.)
Cyber Threat Management
Helping clients prevent, identify, respond to, and recover from a cyber breach to maintain their cyber agenda as their business and technology programs evolve.
- Cyber Defense – Helping clients design, architect, and engineer security solutions needed to predict, prevent, detect, and respond to security threats by leveraging advanced security monitoring and automation across IT applications and SaaS platforms.
- Cyber Resilience – We help clients increase their resilience to cyber attacks through incident response strategic and operational program planning, cyber exercise drills, playbook development and incident automation that help reduce cyber risks and focus on the long-term development of cyber defense, response, and recovery capabilities leveraging tech enabled solutions.
- Cyber Response and Recovery – We help our clients respond and recover from major cyber incidents with forensic incident response analysis to understand the attacker techniques and tactics, which will inform how to recover and rebuild the environment.
- Device Security – Enabling our clients to take control of their Operational Technology (OT) and IoT environments, from validating compliance and risk review, asset and vulnerability discovery, and security architecture, to developing full global OT cyber strategies, programs, and technology needed to prevent, detect, and respond to OT cyber threats.
- Securing AI – Enabling our clients to continue leveraging the power of AI by ensuring the security of AI systems against adversarial threats through a holistic approach of assessing the current AI ecosystem, securing critical components, and responding to adversarial AI attacks.
Cyber Managed Services
Helping clients continuously manage their cyber security with a dedicated KPMG Cyber Management team.
- Identity management
- Technical security assessments
- Managed Detection & Response (MDR)
Cloud Security
Helping clients secure their Cloud environments and also leverage Cloud and Modern Delivery Platforms to design, build, and implement effective AI solutions.
- Architecture & integration – We combine our deep cyber technology and implementation expertise with knowledge of leading cloud platforms and solutions to help organizations secure and enable cloud adoption. We design and implement secure landing zones, hyperscaler security services, and third-party cloud security technology.
- Secure DevOps – We help our clients build security into DevOps and Agile development processes, securing the integrity of cloud-based CI/CD pipelines and “shifting left” security so that it is not an afterthought. Tightly correlated to more traditional application security, our teams bring deep expertise in secure, cloud-based full stack development.
- Strategy, assessment & controls – We help clients answer the questions, “How do I securely move to the cloud?” and “What gaps exist in my cloud security?” Typically this involves understanding a client’s current maturity, defining a target state for cloud security, and developing a target operating model for multi-cloud transformation based on leading practices.
- Compliance – We work with clients (in particular, cloud technology providers) to build robust cloud security compliance programs and to achieve compliance against standards such as FedRAMP. These services marry our years of experience working with global cloud regulators and security frameworks with our depth of technical cloud security knowledge.
Instructions for Obtaining Quotes and Placing Purchase Orders
How to Order
- For product and pricing information, visit the KPMG LLP website or contact Amanda Campbell at (512) 970-9403.
- Generate a purchase order made payable to KPMG LLP. You must reference the DIR Contract Number DIR-CPO-4884 on your purchase order.
- E-mail or fax your purchase order and quote form to your designated vendor sales representative.
Pricing information can be found here: Appendix C Pricing Index
This is a service contract and returns are not applicable. For questions, please contact:
111 Congress, Suite 1900
Austin, TX 78701
Phone: (512) 970-9403
For more information on the DIR program, please visit the DIR Cooperative Contracts program website.
© 2023 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://kpmg.com/governance.