Privileged access is a computer account that is granted additional access rights over a standard account for humans (e.g., employees) or non-humans (e.g., system processes) to access an organisation’s IT systems.

Due to the increased permissions that accompany privileged access, such accounts are often high-value targets for attackers, allowing them un-blocked entry to IT systems where they can accessconfidential data or critical systems. Such breaches may result in cyberattacks resulting in sensitive data leakage and disclosure as well as critical system service disruptions.

Privileged Access Management Assessment and Advisory

Understanding the Risk of Unmanaged Privileged Access

How Protiviti Can Help

Develop PAM Governance & Controls based on actual operations and PAM system design

Propose PAM system architecture & configuration design based on client's IT environment

Collaborate with IT vendors & solution providers to design an appropriate PAM solution for theclient's business needs and compliance requirements

Formulate PAM Operating Model to align with client's business and IT operations

Provide end-to-end project management & technical advisory for PAM system implementation

INNOVATE. TRANSFORM. SUCCEED.

PAM Service Offering

OperatingModel

Governance & Change

TechnicalArchitecture

AccountDiscovery &Onboarding

PAM System

Develop PAM policies and procedures based onactual processes and PAM system design Establish emergency access processes in the eventof PAM system failure

Develop PAM processes based on PAM systemfunctionsAssess current PAM controls, operations andintegration between PAM system

Review and propose PAM systemconfiguration and architecture designProvide technical advice to enhance PAMcontrols based on PAM system

Assess current privileged credential managementDesign account discovery approach base on PAMsystem & other device management toolsDevelop mechanisms to automate the accountonboarding/ retrieval process

We provide full range of solutions to our clients, includingpen- test, red-team, security architecture design and incidentresponses. Our team has strong and unparalleled knowledge on locallaws and regulations such as China Cybersecurity Law andthe related regulations (such as Personal InformationProtection Scheme and Multi-Level Protection Scheme).We have experience helping clients navigate the compliancejourney and reduce their legal & compliance risks.

Full Range of Security and Privacy Solutions

Our APAC S&P team collaborated with many well-knownMultinational Corporations across different industries tosupport their cybersecurity needs, e.g., medical, biomedical,pharmacist, retail (online & offline), insurance, hospitality, etc. We are well recognized for our outstanding value deliveryand many clients repeated seek our assistance in differentareas.

Trusted Advisors to Our Clients

With increasing technologies within business process contains confidential data, the client would like toreview the PAM governance and adopt a PAM system for effectively managing the privileged access to itscritical systems in order to reduce the risks of cyberthreats, e.g., unauthorized access, sensitive data leakage/disclosure.

Analyzed the current PAM governance & controls and proposes recommendationsfor the identified gaps & findings.Assisted the client in selecting PAM system vendors and designed a PAM solution(with technical details) for the gaps based on company control policies, NIST controlsand industry best practices.Provided project management & technical advisory services to work with the systemvendor for the PAM system implementation, including integration between PAMsystem and PAM operations.Updated the PAM policy, procedures and guidelines.

Improved privileged access control within the organization.Enforced workflow of requests and approvals for the use of privileged accounts.The capaility to monitor, terminate and audit internal and external parties performing privileged activities

S&P teams across six markets (Australia, China, Hong Kong,India, Japan, & Singapore) work closely.The APAC S&P team cooperates on all projects in the region,especially for key projects and key clients. The Protiviti team leverages all experience and capabilityfrom experts around the world if needed.

One Region, One Security & Privacy Team

Privileged Access Management Assessment and Advisory

CASE STUDY

A Luxury GoodsCompany

Need

Solution

Business Value

Protiviti Security & Privacy Competitive Advantage

We are more focused in cybersecurity as risk managementhas been in our DNA since inception. We have risk and control specialists understands both technical as well as business risk.

Deep Expertise in Tech Related Risk

Contact Us

© 2021 Protiviti In. An Equal Opportunity Employer M/F/Disability/Veterans.Protiviti is not licensed or registered as a public accounting firm and does notissue opinions on financial statements or offer attestation services.

Learn More protiviti.com/HK-en/it-consultingProtivitiHongKong@Protiviti.com

Across the APAC region, we have more than 120 well-trained and experienced S&P professionals.Our professionals have all the common certifications (such asOSCP, CRTP, CISM, CISA, ISO 27001, CISSP, CBCP, SABSASCF, Forrester Zero Trust, PCI QSA, Azure SecurityEngineer/ Practitioner, CyberArk Trustee/ Defender/ Sentry,Netskope Administrator/ Integrator, etc.).

Strong Capabilities with more than 120 Pros