Cybersecurity and Privacy Consulting

These solutions are designed to help organizations with their definition of access management strategy, governance, access transformation, and ongoing operations. The solutions help organizations ensure the right users validate who they are and get access to the right organization resources.

Examples of specific services:

• IAM Business requirement analysis and Business case development
• Tools and technology rationalization, evaluation and selection
• Identity and access architecture and design
• System integration and implementation
• Digital identity as a service, solution management
• Read more about our IAM alliance with SailPoint.

These solutions are designed to help organizations protect themselves from adversaries that would seek to exploit weaknesses in the design, implementation, and operation of their technical security controls, including disruptive technologies in the marketplace, e.g., cloud computing, blockchain, internet of things (IoT), industrial control systems (ICS) devices, connected automotive, and robotic process automation (RPA).

Examples of specific services:

• OT Asset Management (including discovery, inventory, lifecycle management) with EY OT Asset Orchestrator solution
• Technical control assessments
• Product security assessments and implementation
• Embedding Trust by Design into services and products
• Application security architecture review and assessment
• Secure Systems and Software Development Lifecycle (SDLC) process design and implementation
• DevSecOps process design and implementation
• Cloud security control design and implementation
• OT/IoT cyber transformation programs
• Smart factory and industry 4.0 protection
• Security assessments and penetration tests of emerging technologies with specific threat assessment
• IT/OT network segmentation architecture
• Regulatory requirements (EU NIS Directive, NIST CSF)

These solutions help organizations proactively identify and manage risk, monitor threats, and investigate the effects of real-world attacks. These rapidly integrate cybersecurity functions and technologies to adapt to demands.

Examples of specific services:

• Attack and penetration assessments including internal, external, wireless, applications and mobile
• Vulnerability management (VM) governance design and remediation assistance
• Application security assessments (including mobile, cloud)
• Red team threat emulation assessments
• DevSecOps operations
• Secure SDLC (process design, risk analysis, risk mapping)
• SOC assessment, gap analysis, roadmap
• SIEM/IDS assessment, implementation, tuning and configuration
• Incident response governance, playbooks, metrics, and reporting
• Application security managed services