
IT Security and Risk 

 
Penetration Testing, "Ethical Hacking", and Configuration Reviews
        

As information technology gets more complex and computer systems become more interdependent, the degree of exposure to potential hazard increases.  For the security of your business systems and the information they hold, it is important to keep abreast of threats. 
   
The appeal of e-business is that it connects businesses directly with the outside world, either via the Internet, dial-up facilities, wireless or direct connection.  However, this presents a security threat which needs to be managed.
  
In addition, greater connectivity within organisations and between business partners and service providers adds a further layer of complexity and security risk.
  
Policies need to be developed that define how and when messages and data move in and out of a business electronically.  Security hardware such as firewalls and routers is usually required.  PricewaterhouseCoopers can help you answer these questions and stay one step ahead of them.  We can help you identify any vulnerabilities and then minimise them.  Through our experience and from research into hacker and criminal activity, our security penetration testing methodology can help you to second-guess and counter hackers, thus minimising their access to your system.
  
A security penetration test and/or configuration review can help you to identify:

  • The weak links in your system security;
  • Where technological change affects the risk profile of your business systems;
  • Whether your system policing is robust enough;
  • How well your security policies are being observed and practised.

We have a proven record in safely leading and conducting security penetration testing.  We have the experience, methods and tools to identify and evaluate risks, and to help you neutralise them.
    
We perform rigorous background checks on our own specialised technical staff before thoroughly training them in our leading edge tools.  These tools are tested in our own security laboratories throughout the world.


Enterprise Security Architecture Services, Information Security Policy Development and Review

In today's world of accelerated information processing, global communication and Internet access, consistent and comprehensive enterprise security is critically important to the continued success of an organisation.  Information security is now an important component of corporate strategy, helping to support an organisation's business objectives: maintaining and growing customer loyalty, creating strong vendor and partner relationships, ensuring the integrity of product development planning and implementation, and facilitating e-commerce.

Our Enterprise Security Architecture framework, featuring our proprietary Enterprise Security Architecture System (ESAS), can help you develop a strong security policy and implement security solutions that fit your business and your budget.  We have assisted many organisations to develop pragmatic, risk driven Information Security Policies, Standards, Awareness and Education Programmes, and Technical Control Procedures.  We provide solutions that:  

  • Simplify the creation of a comprehensive security policy;
  • Help to ensure that security 'spending' is risk-driven and based on a pragmatic data classification and risk assessment process;
  • Provide easy-to-follow guidelines for implementing security solutions;
  • Ensure consistency across security policies, from corporate to departmental policies;
  • Identify and eliminate security "gaps" between existing policies and actual security controls;
  • Provide a comprehensive catalogue of industry best practices across technologies and applications;
  • Enable easy modification of security policies to reflect changes in technology and business goals;
  • Ensure that as technology changes, security controls continue to follow industry best practices;
  • Support your security team with detailed reports that reflect corporate security requirements, explain the benefits of specific security settings, and provide an implementation "checklist" to assist in establishing security across various technologies; and
  • Successfully meet the requirements of a security audit by ensuring compliance with corporate policy.


Trusted Third Parties and PKI Consulting

One of the most important issues of e-business is how to effectively and efficiently build trust between any two parties that plan to conduct transactions. The required level of security is typically achieved through public key infrastructure or encryption solutions.

Encryption technology establishes a trustworthy network environment.  For public-key cryptography to be effective, users must be assured that their identities and keys - as well as those of the parties with whom they communicate - are valid and trustworthy. This trust is achieved through the work of Trusted Third Parties.  PricewaterhouseCoopers offers a wide range of services to Trusted Third Parties (TTPs).


Cryptographic Solutions

Cryptographic solutions, long in use by governments and financial institutions, have more recently become the cure-all in virtually every sector for protecting increasingly open communications systems and networks. What many enterprises fail to appreciate is that there are many forms of cryptographic solutions and different levels of security, depending on the "strength" of the mathematical algorithms used. Add to that the fact that many nations restrict cryptography differently: some require the use of Trusted Third Parties; some limit exports; others limit imports; many claim to have a free market in this technology but in fact invoke obscure "dual use" controls. Meanwhile, many laws and regulations have been written on the basis of existing cryptographic algorithms (usually "discrete logarithm", controllable by "bit length"). However, many new technologies (e.g., elliptic curve, lattice and quantum cryptography) defy such definition, making it difficult for governments to apply controls effectively.

All this has resulted in a confusing fantasy world for global businesses who wish to apply cryptographic solutions to extranets and e-business. At PricewaterhouseCoopers we maintain a highly trained, globally-deployed staff of cryptographic consultants who understand these issues, know various vendor solutions, and are abreast of changing laws and regulations. As a part of building trust into your e-business networks, we can ensure that your cryptographic solutions are properly chosen, correctly implemented and legal. Further, as a part of our Trusted Third Party capability, we can operate certain types of solutions such as public key infrastructure on your behalf.


Contacts
Andrew Watkins
Partner
Hong Kong
Tel: +[852] 2289 2716

© 2001-2006 PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.