Information security

PwC concentrates on the following information security areas

Information security management

Information security is a continuous management process. Obtaining a sustained level of information security requires the contribution of every area throughout the company, from employees through security officers to the company’s management.

In tandem with the designated employees in your own company, our experts will establish management systems and processes in order to continuously identify and resolve risks and obtain a strategically defined level of security. These management systems and processes are developed in compliance with national and international standards.

Our experts can support you with

• analysis of the current information security status
• analyses of, and improvements to, IT security guidelines
• confirmation of the security and compliance of IT processes and information security management systems under ISO 27001 and ISAE 3402 certifications
• security risk analyses, from deriving threat levels and protection needs through to a risk-oriented catalogue of measures, for instance in line with ISO 27001 and BSI protection
• project management and quality assurance for change management projects in the area of IT security area

Application Security

In order to fulfil the customer demands the integration of the business processes beyond the company boundaries has become necessary, resulting in a heavily increased integration of e.g. your suppliers’ systems into your own IT environment. In addition, employees collaborate cross-company-wide by using new forms of communication and new working concepts to achieve desired results. At the same time, cyber attacks and industrial espionage are becoming more and more targeted and threatening and are increasingly hitting internal systems that are operating behind supposedly strong firewalls.

Our experts can support you in organising your IT systems in such a way that data can flow between the systems involved while only remaining accessible to the authorised systems and individuals.

Our experts can help you with

• elaborating risk profiles and analysing the risks posed by new technologies, trends and developments
• securing IT aspects of users’ working environment in line with company-specific requirement profiles ("desktop security")
• integrating information security into the ERP system lifecycle
• social media security, from preparing guidelines and control structures for social media applications through to technical measures to ensure the secure operation of collaboration platforms

IT infrastructural security

It goes without saying that IT infrastructure must be designed as securely as possible. Our IT experts can help you to reliably and productively arrange the virtualisation, outsourcing, the increasing use of mobile end devices and the removal of network boundaries within your company in a reliable and productive way, while keeping pace with the rapid technological change.

Our experts will help you with

• data classification and data management through data flow analyses and process-related data maps and the derivation of efficient information protection measures
• security audits for individual IT systems or a network of IT systems at application, operating system and database level
• inspections of network structures, network segmentation, network access and the configuration of active network components on internal (intranet) and external (Internet) networks
• the secure virtualisation of selected areas of IT ("Security4Cloud")