IT Governance & Cyber Security


At BDO, we believe that cyber-attacks and data breaches are among the biggest risks facing organisations and their boards today. The impact of a cyber incident can impair an organisation's reputation, market value and financial position.

In the last couple of months, the world has witnessed an increase in cyber-attacks. Attackers are aware that, due to the COVID-19 crisis, many people are working remotely. In these times, employees are often more unsettled, which reduces cyber awareness and makes it easier for them to fall into a trap.

To address these threats, we offer our customers a range of services covering the different weaknesses and regulatory obligations, each with a technical approach adapted to the size and complexity of the client. The result is clear recommendations and specific actions to ensure the confidentiality, integrity, availability and security of your data and systems.

Cyber Security Program Assessment (CSPA)

  • Comprehensive analysis of cyber security maturity levels across the various security domains

Third Party Risk Assessment (TPRA)

  • Comprehensive analysis of the management of IT outsourcing and third-party providers

Identity & Access Management/Privileged Access Management 

  • Assessment of logical access controls to applications and operating systems, including privileged accounts

Vulnerability Assessment 

  • Technical analysis of the IT infrastructure and emerging threats; identification, assessment and prioritisation of vulnerabilities

Penetration Testing 

  • Ethical hacking activities against applications, infrastructure and networks

Incident Response Simulation 

  • Red/blue teaming and incident response simulations of scenarios such as a data breach or a ransomware attack

IT Policies & IT Procedures 

  • Defining and/or reviewing security policies and procedures

IT Governance & IT Strategy

  • Defining and/or reviewing the IT governance framework or IT strategy
  • Gap assessment and implementation of controls to meet the requirements of common control frameworks (e.g. ISO 27001, ISO 22301, NIST, etc.)
  • Gap assessment and implementation of controls for financial institutions regulated by the CSSF in Luxembourg:
    • Circular 20/750 - CSSF requirements related to information and communication technology (ICT) and security risks
    • Circular 17/654 (as amended by 19/714) - CSSF requirements related to IT outsourcing relying on a cloud computing infrastructure

Review of ISO activities 

  • Review of the daily, weekly, monthly and annual tasks performed by the ISO (Information Security Officer)

Information/Cyber Security Awareness Training 

  • Awareness training for all employees, or customised training focused on specific cyber security threats

Social Engineering 

  • Simulated phishing campaigns ("Phishing as a Service") or physical security tests

Key Contact