Technical evaluation of information environment security

With the changing realities of doing business, companies can no longer be sure of the security of their information resources. Along with this, attackers have expanded the number of attack vectors: remote access tools, employees' own devices, new topics for social engineering attacks. 77% of respondents to the EY Global Information Security Survey say they have seen a significant increase in disruptive cyber attacks, up from 59% last year.

The team

Photographic portrait of Dmytro Lazuchenkov
Dmytro Lazuchenkov
Partner, Technology Risk Consulting Leader
ey-ukraine-roman-totskyi
Roman Totskyi
Manager, Technology Risk Consulting

How EY can help

We offer our clients a line of applied services in the field of cyber security, which will help quickly and effectively eliminate existing deficiencies in the protection of the information environment:

  • Vulnerability Assessment will help identify deficiencies in configurations of information resources located "on the surface". With our help, the organization will be able to understand whether there are known vulnerabilities in the IT infrastructure that can be used by attackers
  • Penetration Testing allows you to understand the depth of a possible attack and its potential impact on critical information systems and business processes. EY specialists will help to understand what information about the company is in public access, to assess the existing vulnerabilities of information resources and the possibilities of their use by criminals
  • Compromise Assessment helps identify current and past intrusions into an organization's information environment, as well as identify compromised information resources. For this, EY specialists use tools that analyze information resources to identify indicators of compromise and allow to detect traces of the activity of an attacker in the information environment.

Based on the results of the work, we always provide detailed structured recommendations, as well as a prioritized plan for their implementation, which allows our clients to effectively achieve quick results and significantly reduce the probability of successful cyber attacks on their information environment.

What we do

As a part of technical assessment services for the security of the company's information environment, we use advanced technical means and all our experience to identify flaws in information systems that can be used by attackers, and determine how to eliminate them. The results of the work are a report that includes:

  • Structured description of identified deficiencies and their confirmation found in the system
  • Risks that arise in connection with the deficiencies found and their level of criticality
  • Clear and consistent recommendations for eliminating identified deficiencies and reducing risks
  • A prioritized plan for the implementation of recommendations.

More about each of the services:

If necessary, we offer consultation support from EY cyber analysts in implementing the recommendations. 

Why EY?

Our team has huge experience in the implementation of various information security projects, including technical security assessments. The Ukrainian team has recently completed 5 such projects for leading local and international companies in their field. To shape our approach, we use leading information security practices, including OSSTMM, OWASP, NIST, PTES, ISSAF, and others.

Contact us

Interested in the changes we have made here, 

contact us to find out more

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.