Security and Privacy


Cybersecurity challenges demand that an organisation face two facts. First, protecting critical company and customer information is a business requirement for safeguarding the company's reputation and enterprise value. Second, even the best programme will experience failures and expose some information the company would like to protect.

At Protiviti, we believe confidence in security and privacy does not come from knowing that nothing will happen; it is achieved by knowing all the things that can happen and preparing both proactive and reactive solutions. This holistic approach starts by understanding what is most important to you and then structuring and supporting the programme so that your business is engineered to grow securely.

Protiviti's Competitive Advantages

Technical and Business Risk is in Protiviti's DNA

  • Deep experience in understanding and assessing information, technical and business risk across diverse industries.
  • Risk and control specialists who can assist in assessing technical and business risk and in advising on the appropriate controls.

Deep Expertise in IT Security and Cybersecurity

  • Protiviti has deep expertise and experience in IT security, cybersecurity and privacy assessment and advisory.
  • Our staff hold strong credentials and qualifications in security assessment, implementation and operations.
  • Our past experience allows us to deliver strong advisory services along with strong security operations.

Global Experts

  • Protiviti has hundreds of information security and privacy experts worldwide, with expertise across various industries (such as financial services, manufacturing and consumer services).
  • Protiviti project teams can and will draw on the experience and capability of experts around the world.

We provide solutions tailored to your organisation's unique needs and industry in the following areas:

IT Specialised Audit

  • Often part of the overall audit programme
  • More in-depth and technical than an Information Technology General Controls (ITGC) audit
  • Often focused on a specific part of IT operations

Security Assessment & Compliance

  • International security standards: ISO/IEC 2700x and the NIST Cybersecurity Framework
  • Privacy regulations: Hong Kong Personal Data (Privacy) Ordinance, European GDPR
  • Payment card security standard: PCI DSS 3.2
  • Other regulations/standards: China Cybersecurity Law, COSO, SOX, COBIT 5, HKMA, HK SFC

Technical Security Assessment

  • Vulnerability scan and penetration test
  • Source code review
  • Phishing and social engineering test
  • Red team simulation

Security Framework Design

  • Design and revision of cybersecurity strategy and programme
  • Design and revision of security policies such as data and information classification
  • Design, revision and implementation of security procedures
  • Design and roll-out of a cybersecurity incident response plan

Security Implementation

  • Server and operating system (OS) hardening review and upgrade
  • Network security architecture design and review (including IDS/IPS, SIEM)
  • Security tools design and implementation support

Security Operation

  • Security resource augmentation
  • Security operation outsourcing
  • Security incident monitoring and response