• Consulting

    Lead the change, build the future

IT Governance & Cyber Security

At BDO, we believe that cyber-attacks and data breaches are one of the biggest risk facing organisations and their boards today. Impact of cyber incidents could impair an organisation’s reputation, market value and financial position.

In the last couple of months, the world has witnessed an increase in cyber-attacks. Hackers are aware that due to the COVID-19 crisis, many people are actively working remotely. In these times, employees are often more restless, which reduces cyber awareness and therefore makes it easier for them to fall into a trap.

In order to answer to those threats we offer our customers various services for addressing the different weaknesses or regulatory obligations, each with a technical approach adapted to the size and complexity of our clients. This results in clear recommendations and specific actions to ensure the confidentiality, integrity, availability and security of your data and systems.

Cyber Security Assessment Programs:

  • Cyber Security Program Assessment (CSPA) - Comprehensive analysis of Cyber Security maturity levels across various domains
  • Third Party Risk Assessment (TPRA) - Comprehensive analysis of IT Outsourcing management
  • Identity & Access Management/Privileged Access Management – Assessment of the logical access control to the applications and operating systems

Control Framework Runbooks:

  • GAP assessment/Implementation of controls to be in line with common control frameworks - requirements for compliance with control frameworks (e.g. ISO27001, ISO22301, NIST, etc.)
  • GAP assessment/Implementation of controls for the financial institutions which are regulated by CSSF in Luxembourg:
    • Circular 20/750 - requirements set by CSSF related to information and communication technology (ICT) and security risks
    • Circular 17/654 (amended 19/714) - requirements set by CSSF related to the IT outsourcing relying on a cloud computing infrastructure

Security Assessments/testing:

  • Vulnerability Assessment - Technical analysis of IT infrastructure, emerging threats and vulnerability identification, assessment and prioritisation
  • Penetration Testing - An ethical hacking activities
  • Incident Response Simulation - Red/blue teaming, Incident response simulation such as Data breach, Ransomware etc.

Information Security Officer (ISO) support:

  • Review of ISO activities - Review of daily, weekly, monthly and annually tasks performed by ISO
  • Information/Cyber Security Awareness Training - Awareness training with all employees or customised trainings with focus on cyber security threats
  • Social Engineering – Simulation of phishing attacks (“Phishing as a Service”) or physical security test

IT Policies & IT Governance:

  • IT Policies & IT Procedures - Defining and/or reviewing the Security policies and procedures
  • IT Governance & IT Strategy- Defining and/or reviewing the IT Governance Framework or IT Strategy







Fact Sheet
CSSF Circular 20/750
ICT & Security Risk Management


Fact Sheet
Vulnerability Assessment
& Penetration Testing





Download   Download