Cyber risk management

In Consulting

EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.

Related topics Consulting Cybersecurity Emerging technology Analytics and big data

The team

Murali Rao

Murali Rao

EY India Cybersecurity Leader

What EY can do for you

EY Cybersecurity, strategy, risk, compliance and resilience teams help organizations evaluate the effectiveness and efficiencies of their cybersecurity and resiliency programs in the context of driving business growth and operational strategies. These offerings apply consistently regardless of where they are applied (Information Technology, Internet of Things, Operational Technology, Cloud, etc.), provide a clear measurement of risk and capture current risks to the organization, and demonstrate how cyber risks will be managed going forward. Each service can be combined to form a larger program or transformation effort. EY Cybersecurity teams can help organizations to:

  • Provide a clear picture of current cyber risk posture and capabilities, helping organizations to understand how, where and why to invest in managing cyber risks
  • Help implement and execute a strategy and overarching cyber program that allows for rigorous, structured decision-making and a financial analysis of cyber risks
  • Help EY clients achieve and sustain regulatory compliance requirements as the outcome of a well-designed and executed cyber function
  • Help build a more risk aware culture through education and awareness to reduce the impact of human behavior
  • Operate a program that is resilient in the face of ever evolving cyber threats and digital business strategies

How EY can help

Data protection and privacy

EY data protection and privacy services help organizations stay up-to-date with leading services in data security and data privacy, as well as complying with regulation in a constantly evolving threat environment and regulatory landscape.

Read more
Digital identity and access management

Identity and access management (IAM) is a foundational element of any information security program.

Read more
Next generation security operations and response

Our Next generation security operations and response services along with a deep portfolio of consulting, implementation and managed services, can help organizations build a transformation strategy and roadmap to implement the next generation of security operations.

Read more
The better the question. The better the answer. The better the world works.

Case study: Should you treat cybersecurity as an end-goal or a continuous improvement process?

A global food and beverages company wanted to build the capability to proactively detect and respond to cybersecurity risks.

The better the question. The better the answer. The better the world works.

How can you ensure 24x7 security of your business data on the cloud?

Ability to detect cybersecurity risks is a priority while migrating on-premise infrastructure to cloud.

A reputed global US$4.5b+ food and beverages company was concerned about security vulnerabilities and wanted to safeguard against current and potential cyber threats. The requirement came to the forefront while transitioning from on-premise infrastructure to the cloud. The transition required integration of many non-native log sources, thereby increasing its security risk exposure.

Besides ensuring a safe transition, the company wanted to build a system which allowed continuous improvement of its security landscape. As a cybersecurity solution, it needed a security operations center capable of designing, transitioning, implementing, configuring, integrating and customizing its cybersecurity strategy.

Security of business data on the cloud
The better the question. The better the answer. The better the world works.

EY built a managed security operations center for the company

A managed security operation center proactively detects and minimizes impacts of an incident.

Evaluating a partner for establishing a security operations center includes an assessment of its experience and capabilities. The food and beverages company assessed our incident response management processes, the span of pre-deployment activities for infrastructure and applications, and our experience in conducting similar transitions.

We established a managed security operations center (MSOC) to detect and prevent security incidents. Subsequently, we established MSOC operations to provide 24x7 monitoring of cybersecurity threats, incident response and threat intelligence for the company. The ISO 27001 compliant MSOC deployed EY’s proprietary assets and tools, such as next-generation Cognitive Cyber Center (CCC) and EY Security Governance Services.

The implementation involved deployment of specific use cases as actionable correlation rules within the security information and event management (SIEM) system, coupled with newly created threat intelligence inputs and automatic lookups.

During the course of the engagement, EY helped the client recover from an appliance failure incident by invoking the business continuity plan (BCP) and restoring services after return merchandize authorization (RMA) in a very short span of time.

Different aspects of EY’s MSOC for a global food and beverages company

Cyber security engagement

Source: EY’s cyber security engagement team for a global food and beverages company

Accelerated business growth, diversified assets, and a heterogenous digital environment trigged the need for real-time incident monitoring. The company continues to elevate its cyber security posture through constant evaluation of emerging tools and technologies.

~ Anjan Bhattacharya, Cyber Security leader at EY

A managed security operation center (MSOC)
The better the question. The better the answer. The better the world works.

EY’s MSOC provides round-the-clock security and support.

The MSOC detects and responds to potential future incidents besides providing valuable threat intelligence.

After the deployment of the MSOC, the company could better monitor and improve its ability to proactively detect and minimize the impact of an incident. Independent and expert perspectives provided by the MSOC made the company aware of current information technology security threats and vulnerabilities.

Benefits realized from EY’s MSOC

Security operation center

Source: EY’s cyber security engagement team for a global food and beverages company

Threat advisories issued by the MSOC helps the company take necessary actions proactively. Finally, with the help of the MSOC’s recommendations, it has built an ongoing system of security landscape improvements.

Cyber Threat intelligence System

Contact us

Like what you’ve seen? Get in touch to learn more.

email