Data security and privacy

Organizations are giving cybersecurity increased priority, and discussions by top management teams often converge on the following three challenges:

• Ensure cyber resiliency within a more aggressive and highly connected and digitalized landscape
• Improve security posture while keeping a focus on core business in a challenging security environment
• Increase and maintain compliance using proportionate effort and internal synergies

BearingPoint fights cybercrime with our agile Cyber Resilience Framework that evaluates customers’ ability to anticipate, withstand, recover, adapt to persistent adversaries, and to transform their security posture. The approach must include a unified assessment of the overall security governance framework, data protection mechanisms, efficient incident management, business continuity plans, and crisis management processes.

In the diagram below we present ONE example how our framework works:

Our agile Cyber Resilience Framework must be complemented with deep-dive assessments of the applications’ attack surface generated by internally developed or supply-chain provided software through a comprehensive stack of security controls, which are one of the most used channels for major disruptions.

Organizations spend a lot of time and effort to assess and prepare their compliance effort, which is usually multiplied by a large number of standards and regulations. They are also audited many times on similar activities. As a result, people in security are often living between audits and their preparations, which take a big slice from their resources that might be allocated elsewhere to increase overall business resiliency.

Building synergies between ensuring compliance and implementing security should follow a phased approach:

• Identify applicable laws and regulations relating to cybersecurity and privacy and match an organization’s list of applicable laws and regulations;
• Identify how new and updates to laws and regulations regarding cybersecurity and privacy are monitored and transposed into internal policies and procedures;
• Evaluate roles and responsibilities on compliance management regarding cybersecurity;
• Assess how security controls are mapped to laws and regulations and how an organization measures its compliance maturity level for cybersecurity;
• Evaluate how synergies between security and compliance are implemented to ensure the optimization of compliance assurance.