IT Consultancy

Every business needs the confidence that their systems and network are secure and ‘hacker' proof. Penetration Testing, or Vulnerability Testing, is essential to give you that peace of mind. The penetration testing process involves running extensive and repeated attacks on the defensive elements of a network in an attempt to penetrate those defences and compromise your information. Often networks are attacked and penetrated for no other purpose than to deny services to bona fide users. These Denial of Service (DOS) attacks are the most common and often the most difficult to protect against.

Testing a network's defences with a penetration test involves using many different software tools. Central to effective penetration testing is the expertise of the personnel responsible for the process. It is the experience of our network penetration consultants which will give you the confidence in your network rather than the tools used. Since, no two networks are the same, every Penetration Testing programme that we execute is designed specifically for the individual organisation.

Through a series of tests that simulate a penetration attempt or attack using methods and tools used by real-world hackers, we can gauge the security of your office network. Penetration Testing is designed to:

• Test the security configurations of your systems
• Test your procedures for incident detection and response
• Evaluate the potential information that attackers may be able to access

Moreover, our consultants will:

• Provide feedback that is focused on the risks to your business
• Provide technical feedback to your IT staff to enable them to develop security improvements
• Work with your IT staff to architect security improvements

Our test procedures are designed to address every element of an organisation's infrastructure and include:

• Platforms - Penetration/Intrusion test from the Internet, Extranet or Intranet
• Application - Testing for server, coding and manipulation functionality
• Web Load Testing - Testing with simulated user behaviour to verify stability & defence
• Database Engine resilience and table integrity
• Tele - War-dialling & telecom infrastructure analysis
• WLAN - Access & encryption methods present on wireless communication

The penetration test report we produce will be written in jargon free language and the report will be presented personally by the consultants involved.

Security Audits provide your organisation with the following benefits:

• They stop network attacks before they start by identifying weaknesses in your network's security.
• They make the most of your network security resources by prioritising vulnerabilities and risks that have been identified into critical, short-term, and long-term action items.

This service provides a comprehensive review of your enterprise's security posture. The duration of the audit is dependent on the complexity and geographic distribution of your locations. The following is a comprehensive list of what the audit covers:

• Administrative Security Review
• Host configuration Security Review
• User Access profile assessment
• Physical Security Review
• Policy & Procedure Review
• Network Topology Security Review
• Internal Network Vulnerability Test

Based on the findings of the security audit, the appropriate security mechanisms, where possible, will be proposed to mitigate the security risks identified. The Security Audit service provides you with a complete solution that is based on our proven methodology:

• Assess
• Design
• Implement
• Operate

Many organisations do not know the current state of the security on their networks. In today's complex, multi-protocol, multi-vendor networks, the task of base lining or taking a comprehensive snapshot of a network's security is daunting. As the risk and threat from unauthorised access and destruction of valuable network assets increase, the need for an understanding of an organisation's security posture is becoming critical to banish the threat of lost productivity and information.

Navigating through complex iGaming regulatory complexity

In recent year online gaming businesses have seen regulatory pressure increase. To be able to meet regulatory requirements, IT systems are not always reliable or sustainable. Forward-thinking businesses achieve compliance and ‘look good’ in the eyes of the regulator, but also make ‘staying compliant’ much easier through building a platform that will make implementing any future mandated changes easier. They also exploit the investment to build a true information framework that can be effectively leveraged for broader business insight, thus managing the business safely and soundly on an ongoing basis well before the regulator needs to intervene.

Our clients ask:

• Many regulatory pressures...how do I know if I’m compliant and address the issues if I’m not?
• How do I make sure I keep my eye on the ball while managing regulatory pressures?
• How can I make the external review less complex and ensure that all requirements are met?
• How can I prepare for a compliance review by a third party?

This is how we solve it:

Assistance to prepare for external reviews
We help you understand how new regulation would affect your IT operation and advise you on how to stay compliant in an increasingly regulated environment. PwC is approved by the Lotteries and Gaming Authority (LGA) to carry out system and compliance audits. The PwC iGaming team has performed more than 100 reviews on behalf of the LGA on iGaming licensees, covering the gaming and control systems of prospective licensees to ensure compliance with relevant regulations and the LGA’s policies. In preparation for the Authority’s audits, PwC can carry out a System and Compliance Audit Readiness Review to assess whether the applicant is adequately prepared to undergo the LGA Audit. PwC will also make recommendations on how the applicant can improve its operations and set-up in preparation for the Audit and can also assist the applicant in implementing the recommended improvements.

Defining IT Project Success and Managing Project Risks

The success, durability, reputation and value of a company can be positively influenced by the consistent achievement of system implementation objectives and outcomes. ln an environment where accountability for success is heightened, requirements are more complex and regulatory pressures – such as compliance and security – are increasing, achieving system implementation outcomes and satisfying stakeholders has become increasingly important and challenging.

Our clients ask:

• How can I ensure that my implementation plan is achievable?
• What internal resources and level of effort do I require to implement a new system?
• How can I be confident that business benefits of my system implementation will be appropriately identified and realised?
• I have implemented a new system, how do I know if it has been configured correctly and in line with my requirements?
• Do I have the required controls built in my new system?
• Can I trust the information that is being generated from my new system?

This is how we solve it:

Pre and Post Implementation reviews
System Implementation Assurance (SIA) is PwC’s proven methodology for delivering an independent assessment of a client’s project at any point in the client’s systems life cycle including pre or post implementation. SIA looks at the alignment of management’s desired outcomes, risks and approach with the objective of providing management with comfort that a project will achieve its desired outcomes.

Developed by PwC project management practitioners from around the world, the Systems Implementation Risk Management methodology provides local practitioners with a library of key implementation risks to be considered at key points in the life-cycle. The methodology enables local practitioners to leverage the firm's cumulative experience with project implementations.

The SIA methodology provides a structured approach for quickly identifying and validating the following key risks that could jeopardise achievement desired outcomes:

• Controls Risks: Will the design and implementation of controls address financial reporting operational and regulatory requirements in an efficient and effective manner?
• Project Risks: Will the solution be delivered on time, on budget, and to specifications?
• Business Risks: Have expected business benefits been clearly defined and communicated?

Delivering comfort over systems implementation projects requires the right team. PwC is in the unique position to deliver resources with the industry, technical and subject matter experience to enable the most effective and efficient implementation assurance review.

Controls addressing your Information Technology risks

Information Technology (“IT”) environments continue to increase in complexity with ever greater reliance on the information produced by IT systems and processes. The recent emergence of regulations aiming to restore the investor confidence placed a greater emphasis on internal controls and often requires independent assessments of the effectiveness of internal controls. In an organisation that relies heavily on the us of IT systems, this assessment is carried out over the IT general controls.

Our clients ask:

• I have read on a number of security incidents in various organisations. How can I ensure that I have controls to ensure that access to my system and data is restricted to properly authorised individuals?
• Do I have the right framework in place to manage changes to my current systems and to implement new systems?
• Will I be able to recover my data and systems if there is a fire in my building?
• Am I maintaining and reviewing the right audit trails in line with good practice?

This is how we solve it:

Review of Information Technology (IT) General Controls
This review identifies the relevant controls over the current information systems and assesses its adequacy. It entails an analysis of the information systems environment and structure. The review looks at changes to programs and related infrastructure components within the IT environment; access to programs and data within the core application (including security administration, physical security, operating system security and network security); the processing of day-to-day IT operations, which will include batch scheduling/real time processing, backup, and problem management and disaster recovery.

Information Technology (IT) General Controls review will mainly cover the following areas:

• IT department organisation and management;
• Logical and physical security (including user access);
• Operating systems and network security
• System maintenance activities (including change management);
• Computer operations;
• Backup/recovery procedures;
• Software development and implementation.