Transformation strategy of the information security function

How EY can help

We offer our clients to develop and implement an information security strategy based on a cost-effective risk-oriented approach, taking into account the threat landscape specific to the organization.

This approach will allow information security to become a strategic business partner that supports new initiatives aimed at achieving the goals of the organization and its mission, while at the same time ensuring the appropriate level of security and preventing losses from the realization of risks.

The main advantages of the strategy implemented according to this approach:

• Effective distribution and use of resources and activities of the entire organization in the field of information security
• Adaptability to changes in the business environment 
• Increased attention to compliance with regulatory requirements
• Transparency of investments in information security
• Effective planning and implementation of initiatives
• Qualitative and quantitative performance measurement and proper reporting will increase job satisfaction of the function

What we do

After agreeing on the target state and the ways to achieve it with the customer's representatives, we develop a roadmap for transformation projects. If necessary, we help our clients implement the transformation program or its projects.

Also, we can focus on individual components of the Operating Model, according to the client's needs.

Why EY?

Our team has vast experience in the implementation of various information security projects, including the development of a strategy for the transformation of the InfoSec function. The Ukrainian team has completed more than 10 such projects over the past 5 years for leading local and international companies in their field. To form our approach, we use leading practices of information security, in particular, ISO 27001, NIST Cybersecurity Framework, SANS CIS Controls, and others.