Insights

Asking the better questions that unlock new answers to the working world's most complex issues.

Explore

Spotlight

AI insights

CEO agenda

CFO agenda

EY Center for Board Matters

Services

EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.

Explore

Spotlight

EY.ai - A unifying platform

Strategy, transaction and transformation consulting

Technology transformation

Tax function operations

Climate change and sustainability services

EY Ecosystems

EY Nexus: business transformation platform

Industries

Discover how EY insights and services are helping to reframe the future of your industry.

Explore

Case studies

Strategy and Transactions

Reframing the future of an iconic skiwear brand

25 Apr 2023Falco Weidemeyer

Alliances

How a B2B company drove engagement by transforming its D2C platform

16 Mar 2023Aabid Abbasi

Strategy and Transactions

How an insolvent travel industry giant got back on track

15 Nov 2023York Zheng

See all

Careers

We bring together extraordinary people, like you, to build a better working world.

Explore

Spotlight

Experienced professionals

EY-Parthenon careers

Student and entry level programs

Talent community

About us

At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.

Explore

Top news

Press release

Ukraine Launches New Phase of Competition Legislation Reform

06 Sep 2023EY Ukraine

Press release

EY Ukraine announces the launching of a new member firm – EY Ukraine Digital

19 Jun 2023EY Ukraine

Press release

EY experts have completed the certification in the field of public-private partnership - Certified PPP Professional by APMG International

19 Mar 2023EY Ukraine

See all results for ' '

No results have been found

Recent Searches

Trending

Select your location

Local sites

Information security risk management

Due to the growing number of cyberattacks, modern organizations are increasingly exposed to information security (IS) risks that can lead to financial, reputational, or operational losses. Organizations that want to mitigate the negative impact must be proactive in ensuring their cyber security. An effective IS risk management process will help them in it, addressing the following questions: "What and how should we protect, and what would be a reasonable investment in it?".

The team

Dmytro Lazuchenkov

Partner, Technology Risk Consulting Leader

Photographic portrait of yevheniia honcharenko

Yevheniia Honcharenko Yevheniia Honcharenko

Manager, Technology Risk Consulting

How EY can help

Our team of experts assists clients in developing and implementing an IS risk management process to timely identify, assess and handle risks that could compromise the confidentiality, integrity and availability of critical information.

Since this process is continuous and cyclical, as part of a collaborative project, we go through the first cycle together with the client's team to establish the process and prepare them for further independent work.

After a project with us, clients can answer the following questions:

What information exists and what is its level of criticality?
What losses may they face because of disclosure, unauthorized modification, or destruction of critical information?
What are the threats targeting critical information, its storage and processing locations, and what is the likelihood of these threats being realized?
What protective measures should be implemented to mitigate the potential damage or reduce the likelihood of threats being realized, and what is the associated cost of implementing these measures?

We help our clients understand what protective measures are economically feasible, considering information about the identified risks, their level and possible losses for the company.

What we do

In order to successfully implement and establish the process of IS risk management, we perform the following tasks together with the client's team:

No mature process can work effectively without clearly defined rules and responsibilities. That is why we always start our projects by updating the existing or developing a new methodology, which includes a detailed description of all process steps, input and output information required to perform each step, roles, and responsibilities.
We identify vulnerabilities in the places where information is stored and processed, as well as threats that target them. For each identified threat, we estimate the likelihood of its realization, taking into account the protective measures implemented in the company. Based on this information, we determine the criticality level of IS risks.

Why EY?

Our team has huge experience in the implementation of various information security projects, including information security risk management projects. The Ukrainian team has completed more than 10 such projects over the past 5 years for leading local companies in their field. To form our approach, we use leading practices of information security, in particular, ISO 27001, NIST Cybersecurity Framework, and others.

Other technology risk services

Photographic portrait of Ansa Stefano de Alessandri

How an Italian news agency used blockchain to combat fake news

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Information security risk management

How EY can help

What we do

Development of documentation

Inventory of information assets

Classification of information assets

Assessment of IS risks

IS risks treatment

Why EY?

Other technology risk services