Technical evaluation of information environment security

In Consulting

With the changing realities of doing business, companies can no longer be sure of the security of their information resources. Along with this, attackers have expanded the number of attack vectors: remote access tools, employees' own devices, new topics for social engineering attacks. 77% of respondents to the EY Global Information Security Survey say they have seen a significant increase in disruptive cyber attacks, up from 59% last year.

Related topics Consulting Cybersecurity

The team

Dmytro Lazuchenkov

Dmytro Lazuchenkov

Partner, Technology Risk Consulting Leader

Roman Totskyi

Roman Totskyi

Manager, Technology Risk Consulting

How EY can help

We offer our clients a line of applied services in the field of cyber security, which will help quickly and effectively eliminate existing deficiencies in the protection of the information environment:

  • Vulnerability Assessment will help identify deficiencies in configurations of information resources located "on the surface". With our help, the organization will be able to understand whether there are known vulnerabilities in the IT infrastructure that can be used by attackers
  • Penetration Testing allows you to understand the depth of a possible attack and its potential impact on critical information systems and business processes. EY specialists will help to understand what information about the company is in public access, to assess the existing vulnerabilities of information resources and the possibilities of their use by criminals
  • Compromise Assessment helps identify current and past intrusions into an organization's information environment, as well as identify compromised information resources. For this, EY specialists use tools that analyze information resources to identify indicators of compromise and allow to detect traces of the activity of an attacker in the information environment.

Based on the results of the work, we always provide detailed structured recommendations, as well as a prioritized plan for their implementation, which allows our clients to effectively achieve quick results and significantly reduce the probability of successful cyber attacks on their information environment.

What we do

As a part of technical assessment services for the security of the company's information environment, we use advanced technical means and all our experience to identify flaws in information systems that can be used by attackers, and determine how to eliminate them. The results of the work are a report that includes:

  • Structured description of identified deficiencies and their confirmation found in the system
  • Risks that arise in connection with the deficiencies found and their level of criticality
  • Clear and consistent recommendations for eliminating identified deficiencies and reducing risks
  • A prioritized plan for the implementation of recommendations.

More about each of the services:

  • Vulnerability Assessment

    Vulnerability assessment is a "quick win" that allows you to identify vulnerabilities that are on the surface (indicates only obvious flaws and assesses the overall level of security). Our approach to vulnerability management allows you to maintain the IT infrastructure in constant readiness for new threats and consists of 5 repeated stages:

    • Research
    • Asset prioritization
    • Scanning
    • Reporting
    • Elimination

  • Penetration Testing

    Penetration testing is the simulation of an attacker's actions. During testing, EY specialists try to identify and exploit vulnerabilities caused by coding errors, software malfunctions, unsafe settings, service configuration errors, and operating system vulnerabilities. EY's approach to penetration testing is based on leading global practices and consists of 5 stages:

    • Planning and Intelligence
    • Scanning
    • Obtaining access
    • Save access
    • Analysis of results, reporting

  • Compromise Assessment

    Compromise assessment helps determine whether attackers have previously undetected access to your data and infrastructure. Methods and tools are used that make it possible to detect traces of preparation for an attack, signs of data compromise, assess the extent of damage and find out which systems were attacked and how exactly it happened. As part of the compromise assessment, we perform the following actions:

    • Remote assessment of the information environment using automated solutions
    • Analysis of historical information
    • Identifying current or past intrusions into your organization's environment
    • Preparation of a detailed technical report, including identified indicators of compromise and recommendations for further actions

If necessary, we offer consultation support from EY cyber analysts in implementing the recommendations. 

Why EY?

Our team has huge experience in the implementation of various information security projects, including technical security assessments. The Ukrainian team has recently completed 5 such projects for leading local and international companies in their field. To shape our approach, we use leading information security practices, including OSSTMM, OWASP, NIST, PTES, ISSAF, and others.

Other technology risk services

Contact us

Interested in the changes we have made here,

contact us to find out more.