Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Privileged access is a computer account that is granted additional access rights over a standard account for humans (e.g., employees) or non-humans (e.g., system processes) to access an organisation’s IT systems.
Due to the increased permissions that accompany privileged access, such accounts are often high-value targets for attackers, allowing them un-blocked entry to IT systems where they can accessconfidential data or critical systems. Such breaches may result in cyberattacks resulting in sensitive data leakage and disclosure as well as critical system service disruptions.
Privileged Access Management Assessment and Advisory
Understanding the Risk of Unmanaged Privileged Access
How Protiviti Can Help
Develop PAM Governance & Controls based on actual operations and PAM system design
Propose PAM system architecture & configuration design based on client's IT environment
Collaborate with IT vendors & solution providers to design an appropriate PAM solution for theclient's business needs and compliance requirements
Formulate PAM Operating Model to align with client's business and IT operations
Provide end-to-end project management & technical advisory for PAM system implementation
INNOVATE. TRANSFORM. SUCCEED.
PAM Service Offering
OperatingModel
Governance & Change
TechnicalArchitecture
AccountDiscovery &Onboarding
PAM System
Develop PAM policies and procedures based onactual processes and PAM system design Establish emergency access processes in the eventof PAM system failure
Develop PAM processes based on PAM systemfunctionsAssess current PAM controls, operations andintegration between PAM system
Review and propose PAM systemconfiguration and architecture designProvide technical advice to enhance PAMcontrols based on PAM system
Assess current privileged credential managementDesign account discovery approach base on PAMsystem & other device management toolsDevelop mechanisms to automate the accountonboarding/ retrieval process
We provide full range of solutions to our clients, includingpen- test, red-team, security architecture design and incidentresponses. Our team has strong and unparalleled knowledge on locallaws and regulations such as China Cybersecurity Law andthe related regulations (such as Personal InformationProtection Scheme and Multi-Level Protection Scheme).We have experience helping clients navigate the compliancejourney and reduce their legal & compliance risks.
Full Range of Security and Privacy Solutions
Our APAC S&P team collaborated with many well-knownMultinational Corporations across different industries tosupport their cybersecurity needs, e.g., medical, biomedical,pharmacist, retail (online & offline), insurance, hospitality, etc. We are well recognized for our outstanding value deliveryand many clients repeated seek our assistance in differentareas.
Trusted Advisors to Our Clients
With increasing technologies within business process contains confidential data, the client would like toreview the PAM governance and adopt a PAM system for effectively managing the privileged access to itscritical systems in order to reduce the risks of cyberthreats, e.g., unauthorized access, sensitive data leakage/disclosure.
Analyzed the current PAM governance & controls and proposes recommendationsfor the identified gaps & findings.Assisted the client in selecting PAM system vendors and designed a PAM solution(with technical details) for the gaps based on company control policies, NIST controlsand industry best practices.Provided project management & technical advisory services to work with the systemvendor for the PAM system implementation, including integration between PAMsystem and PAM operations.Updated the PAM policy, procedures and guidelines.
Improved privileged access control within the organization.Enforced workflow of requests and approvals for the use of privileged accounts.The capaility to monitor, terminate and audit internal and external parties performing privileged activities
S&P teams across six markets (Australia, China, Hong Kong,India, Japan, & Singapore) work closely.The APAC S&P team cooperates on all projects in the region,especially for key projects and key clients. The Protiviti team leverages all experience and capabilityfrom experts around the world if needed.
One Region, One Security & Privacy Team
Privileged Access Management Assessment and Advisory
CASE STUDY
A Luxury GoodsCompany
Need
Solution
Business Value
Protiviti Security & Privacy Competitive Advantage
We are more focused in cybersecurity as risk managementhas been in our DNA since inception. We have risk and control specialists understands both technical as well as business risk.
Deep Expertise in Tech Related Risk
Contact Us
© 2021 Protiviti In. An Equal Opportunity Employer M/F/Disability/Veterans.Protiviti is not licensed or registered as a public accounting firm and does notissue opinions on financial statements or offer attestation services.
Learn More protiviti.com/HK-en/[email protected]
Across the APAC region, we have more than 120 well-trained and experienced S&P professionals.Our professionals have all the common certifications (such asOSCP, CRTP, CISM, CISA, ISO 27001, CISSP, CBCP, SABSASCF, Forrester Zero Trust, PCI QSA, Azure SecurityEngineer/ Practitioner, CyberArk Trustee/ Defender/ Sentry,Netskope Administrator/ Integrator, etc.).
Strong Capabilities with more than 120 Pros