Cybersecurity frameworks and standards

Fortify your cybersecurity posture

As businesses increasingly shift towards digitisation, cybersecurity management has become a top priority for senior management and cybersecurity teams.

To defend against cybersecurity threats and risks, companies can turn to established IT standards and frameworks such as:

  • Cybersecurity Framework – NIST Cybersecurity Framework, ISO 27001 / 27002
  • Controls Framework – Control Objectives for Information and Related Technologies (“COBIT”), Information Technology Infrastructure Library (“ITIL”)
  • Regulatory Standards – Singapore Cybersecurity Act Cybersecurity Code of Practice for Critical Information Infrastructure (“CSA CCoP”), MAS Technology Risk Management Guidelines, MAS Cyber Hygiene Guidelines, Singapore Personal Data Protection Act (“PDPA”)

These standards can help companies develop and implement effective security measures, enhancing their overall cybersecurity risk management. For example, the NIST Cybersecurity Framework outlines 5 core functions - Identify, Protect, Detect, Respond and Recover - which provide a comprehensive view of the cybersecurity risk management lifecycle. Companies can also use the framework's implementation tiers (ranging from Partial - Tier 1 to Adaptive - Tier 4) to evaluate and improve their current cybersecurity risk management processes. PwC’s Digital Trust Insights 2023 survey revealed that respondents recognised the need to further advance the five basic cyber capabilities outlined in the NIST Cybersecurity Framework.

How we can help you

At PwC, we possess extensive expertise in evaluating technology controls using frameworks. We can help you determine if your cybersecurity and IT practices are aligned with the standards, providing stakeholders with a comprehensive understanding of your cybersecurity risk management posture.

Gap analysis and maturity assessment

We can assess your company’s current information security state against established IT standards and frameworks. Beyond the initial assessment, we can help you develop a roadmap towards achieving the target state of information security management. In addition, we can assist with the development of policies and processes based on the standards or regulatory requirements.

Audit compliance

The potential monetary and non-monetary consequences of cyber non-compliance are becoming more costly. Failure to adhere to established frameworks and standards may put organisations at greater risk of cyber incidents, which could lead to significant penalty fines from regulators, reputational damage, and more.

We can help you review your IT systems and processes against established IT frameworks and standards or your own information security framework, to identify non-compliant practices.

Contact us

Jimmy Sng

Technology Risk Services Leader, PwC Singapore

Tel: +65 9746 6771

Michelle Xie

Senior Manager, Digital Solutions, PwC Singapore

Tel: +65 9624 6280
