Technology risk management - PwC


Upcoming webinar

Briefing on the revised MAS TRM guidelines
Wednesday, 10 February 2021, 9.00am - 10.30am

On 18 January 2021, the Monetary Authority of Singapore (MAS) released the revisions to the technology risk management (TRM) guidelines for Financial Institutions (FIs). Our briefing session will discuss the revisions proposed in the consultation papers on TRM guidelines, and the key considerations for FIs to assess how these proposed revisions impact their people, process, technology, and third parties as well as their ability to adopt them (in part, or in whole).

As organisations embrace new technologies and introduce new ways of doing things, risks and exposure evolve.

On 18 January 2021, the Monetary Authority of Singapore (MAS) released the revisions to the Technology Risk Management (TRM) guidelines for Financial Institutions (FIs). FIs will need to assess how these proposed revisions impact their people, process, technology, and third parties as well as their ability to adopt them (in part, or in whole). Some of the key areas for the organisation to assess are:

- Composition and roles & responsibilities of board and senior management with regards to having necessary skills and understanding of technology risk management and establishing a risk management strategy. Having a robust technology risk management framework including establishing risk appetite and criteria for acceptable level of risk.
- Establishment of cyber threat intelligence, surveillance monitoring and incident response protocols, as well as enhanced operational resilience supported through regular scenario-based exercises and adversarial attack simulation (i.e. red teaming).
- Governance and risk management over third parties from a technology risk perspective.

Download: Revisions to guidelines on Technology Risk Management - January 2021

Advances in technology mean that organisations are increasingly dependent on information to meet the needs of customers. However, the ways of securing and protecting this information have not kept pace or extended to information that third parties may have. The proposed changes address new software development practices such as DevOps and new technologies such as virtualisation, payment technologies and the use of third parties, and have far-reaching implications. We reviewed the proposed changes and developed a quick guide on how you can start aligning your efforts with the guidelines.

Technology and cyber risk governance

Rethink your role in cyber risk management

Everyone in your organisation plays a critical role in technology risk management. As technology risks evolve, your processes and strategies must adapt to mitigate these risks. Your strategies must be informed through defined and measurable indicators. The quality of technology and cyber risk reporting to the board and senior management becomes key to providing visibility on the effectiveness of your organisation's technology risk strategy.

With a strong and clear strategy, the board of directors and senior management, technology operations, compliance and internal audit must be equipped with the necessary skills to understand and manage technology risks.

Agile and DevOps

Integrate effective controls into agile environments

The ability to deliver at the speed of today's business can make or break an organisation. With the exception of digitally native start-up companies that were "born agile", most organisations are complex with well-entrenched silos, centralised hierarchies, and reliance on antiquated technology architecture that was established decades ago. The adoption of Agile and DevOps should be considered a major technology transformation. As with all transformations, there are many risks that must be carefully mitigated.

A well-designed workflow and CI/CD toolchain can help you to roll out changes quickly, but it is also critical to be able to bounce back just as quickly if the roll-outs fail. We can help you with your DevOps governance framework and its optimisation, and embed good controls and security practices throughout your Agile and DevOps processes and technologies.

Secure by design

Embed security throughout

Software vulnerabilities are typically targeted and exploited by malicious actors to compromise IT systems, and they often occur because of poor software development practices. As Agile and DevOps enable your organisation to deploy more changes to the environment, it is key not to lose sight of security considerations while you increase your speed to market. Established policies on secure coding, source code review and application security testing can ensure that security standards are applied throughout the development cycle. These security considerations can be embedded in your DevOps toolchain and processes ("DevSecOps").

One of the key foundations of your systems is your network infrastructure. A well-designed network can keep your organisation connected, and provide you with the ability to segregate the network based on the nature of your business and sensitivity of the data. We can help you with security assessments of your systems and network architecture to make sure security considerations are embedded in the foundation.

Cloud and virtualisation

Navigate your cloud journey with trust

The cloud is becoming the core paradigm for delivering business technology, with an aspirational promise of "zero infrastructure—anything-as-a-service." To deliver on this promise, technology operating models will need to evolve and grow a new set of cloud-centric capabilities that are very different from the old ways of IT:

- A new, consultative approach to cloud demand and business relationship management
- A retooled architecture, engineering, and operations capability, embracing such concepts as cloud orchestration toolsets, continuous integration and deployment, and development operations (DevOps)
- Strong controls for cloud consumption, performance, and vendor/partner management

The ability to create, destroy and clone environments opens new risks to your organisation and data. Organisations must be ready to manage the virtual environments, and maintain technology integrity with effective risk and controls. The implications of data residency may become a compliance issue, especially if information is stored in the cloud.

Third party trust

Know your third parties

It is important to understand the flow of your organisation's information, particularly where third party service providers are involved. The ownership of an organisation's information does not stop at the organisation's physical boundary. You need to make sure your partners are following appropriate procedures. This is vital and will enable you to avoid risks and reputation damage. The responsibility of managing the risk of your third party relationships falls on you, so to protect your business from issues associated with profitability, reputation, regulation and even litigation, it is important to establish processes that will allow you to oversee these issues.

Regulators have stepped up their standards regarding how companies protect themselves against third party issues, so this area is an increasingly important part of your risk management plan.

Threat intelligence, hunting and red teaming

Build your next generation cyber security defense

For many organisations, security can feel like a game that is almost impossible to win. The rules have changed and opponents are patient, well-funded and increasingly sophisticated in the tools and techniques they have at their disposal. Working with a dedicated threat intelligence partner that develops its own threat intelligence gleaned from first-hand open, closed and proprietary sources will enable you to make informed risk-based decisions and allow you to develop and design appropriate mitigations for new threats.

Cyber criminals continue to infiltrate organisations' networks undetected and gain unauthorised access to critical data. Advanced attackers can remain on their systems for years without ever being detected. Organisations need to conduct regular cyber threat hunting activities to look proactively for and identify any threats in their IT estate and respond quickly and appropriately before they damage their business.

Conducting threat intelligence based Red Teaming exercises using real-world scenarios tailored to your organisation allows you to improve your organisation's cyber resilience, demonstrate its cyber defence capability to the board, help to measure its maturity and stay ahead of the evolving threat landscape.

Security operations and incident response

Transform your security operational capabilities

The ever increasing complexity of cyber-attacks and the changing requirements for enterprise security and risk management, coupled with technology advancements, have triggered a paradigm shift in the design and ongoing administration of a security operations centre. It is imperative for the financial industry to:

- Reduce enterprise risk and protect the business
- Move from reactive response to proactive detection and mitigation
- Increase visibility over their environment
- Meet compliance/regulatory requirements set forth by various agencies

The security operations centre must be responsive to the evolving threats and provide management with the information and control that it needs. We can help your Security Operations and Security Operations Centre with the following:

- SOC Workshop
- SOC Maturity Assessment Workshop
- SOC Strategy & Program Mobilisation
- Use Case Assessment
- Use Case Strategy & Use Case Framework
- SOC Compliance

How we can help

Cyber security incidents are firmly on the agenda, not just for boards, but for regulators, customers, and investors too. With the scale and sophistication of cyber incidents increasing every year, organisations need to be prepared for the inevitable, with confidence in their ability to manage the risks they face.

When a cyber incident impacts your business, you need immediate access to highly experienced experts that can rapidly and effectively investigate, contain and remediate the threats, as well as continue to help you with the full range of business issues that you may need to address.

- Enhancing your risk and regulatory posture through technology risk and cyber capability assessments
- Work with you to identify key areas of concern and carry out targeted reviews, e.g. DevOps.
- Improve your processes on security monitoring and optimise your SOC function.
- Conduct cyber security trainings and exercises such as Game of Threats™ and red teaming.
- Embed security by design in your implementation and their alignment to your organisation's strategy.
- Evolve your current capabilities to fit security and controls of your cloud
- Manage the risks at your external partners
- Improve your organisation's risk posture.
- Enhance your business continuity capabilities to be cyber resilient.

Contact us

- Tan Shong Ye, Digital Trust Leader, PwC Singapore. Tel: +65 9679 6920
- Jimmy Sng, Partner, Cybersecurity, PwC Singapore. Tel: +65 9618 9773
- Kyra Mattar, Technology Risk Partner, PwC Singapore. Tel: +65 9735 2506
- Tam Huynh, Managing Director, Cybersecurity, PwC Singapore. Tel: +65 8799 7601

© 2015-2022 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.


