Information security

PwC offers advice to companies from industry and finance, from medium-sized companies to major corporations, about the full range of information security topics. Financial information, construction plans or recipes are just a few examples of information that is highly valuable and must be effectively protected. Successful defence against cyber attacks and industrial espionage is imperative to prevent information outflow and data leaks. Our experts can help you do exactly that.

About us

We are your independent point of contact for all aspects of data security. We can help you develop your information security management in an effective and financially smart way, identify risks in your applications and infrastructure and implement security measures.

PwC concentrates on the following information security areas

Information security management

Information security is a continuous management process. Obtaining a sustained level of information security requires the contribution of every area throughout the company, from employees through security officers to the company’s management.

In tandem with the designated employees in your own company, our experts will establish management systems and processes in order to continuously identify and resolve risks and obtain a strategically defined level of security. These management systems and processes are developed in compliance with national and international standards.

Our experts can support you with

  • analysis of the current information security status
  • analyses of, and improvements to, IT security guidelines
  • confirmation of the security and compliance of IT processes and information security management systems under ISO 27001 and ISAE 3402 certifications
  • security risk analyses, from deriving threat levels and protection needs through to a risk-oriented catalogue of measures, for instance in line with ISO 27001 and BSI protection
  • project management and quality assurance for change management projects in the area of IT security area

Application Security

In order to fulfil the customer demands the integration of the business processes beyond the company boundaries has become necessary, resulting in a heavily increased integration of e.g. your suppliers’ systems into your own IT environment. In addition, employees collaborate cross-company-wide by using new forms of communication and new working concepts to achieve desired results. At the same time, cyber attacks and industrial espionage are becoming more and more targeted and threatening and are increasingly hitting internal systems that are operating behind supposedly strong firewalls.

Our experts can support you in organising your IT systems in such a way that data can flow between the systems involved while only remaining accessible to the authorised systems and individuals.

Our experts can help you with

  • elaborating risk profiles and analysing the risks posed by new technologies, trends and developments
  • securing IT aspects of users’ working environment in line with company-specific requirement profiles ("desktop security")
  • integrating information security into the ERP system lifecycle
  • social media security, from preparing guidelines and control structures for social media applications through to technical measures to ensure the secure operation of collaboration platforms

IT infrastructural security

It goes without saying that IT infrastructure must be designed as securely as possible. Our IT experts can help you to reliably and productively arrange the virtualisation, outsourcing, the increasing use of mobile end devices and the removal of network boundaries within your company in a reliable and productive way, while keeping pace with the rapid technological change.

Our experts will help you with

  • data classification and data management through data flow analyses and process-related data maps and the derivation of efficient information protection measures
  • security audits for individual IT systems or a network of IT systems at application, operating system and database level
  • inspections of network structures, network segmentation, network access and the configuration of active network components on internal (intranet) and external (Internet) networks
  • the secure virtualisation of selected areas of IT ("Security4Cloud")

As our client, you will benefit from our extensive expertise and our IT experts’ broad market overview. We will make it easy for you to protect your valuable know-how and ensure the availability of critical systems. Our security solutions also encompass the latest information technology trends, with data being exchanged throughout a company or processed on external platforms and end devices. Cloud computing, social networks or ‘Bring Your Own Device’ (BYOD) are only a few examples here of potentially risky scenarios requiring strong security mechanisms.

Contact us

Derk Fischer

Derk Fischer

Partner, Cyber Security & Privacy, PwC Germany

Tel: +49 170 79 46 797

Follow us