This report maps internal KPMG security posture against the industry based on the threat intelligence research including both internal and external sources of information.
|Distribution Scope||GSOC / Member Firm|
|Audience||Global CISO / Member Firm CISOs / GSOC Manager / NITSO|
|Mode of Generation||Manual|
|Distribution Channel||SharePoint / Email|
|Production Format||Document-based (PDF)|
|Data Source||Threat Intelligence Portal (Sources) / RSA Archer SecOps / RSA Security Analytics|
The title page defines the name of the Threat or the Attack.
Standard Table of Contents to allow for easy navigation of the report.
One page overview of the key findings and recommendations presented within the report.
Identifies and list all sources of intelligence that the report utilizes, including both internal and external sources.
Explains likelihood of being a target of similar attack(s) and/or evidence of similar attacks already in motion.
Vulnerabilities in the field and how entities monitored by KPMG fare against those.
Relevant zero-days and how they affect the KPMG GSOC monitored space.
Topics of interest in the Press related to key security areas followed by a brief assessment of how KPMG monitored space fare against those.
Updates on any suspected data breach pending confirmation from the corresponding Member Firms in line with the KPMG Data Breach policy.
Updates on any open data breaches which have been confirmed by the corresponding Member Firms in line with the KPMG Data Breach policy.
Specific Business Units impacted (if any), service impact and what severity specific to corresponding Member Firm.
Brief account of emerging technologies and techniques that support KPMG efforts to maintain and improve its security posture, e.g. an improvement in the detection capabilities due to a new to market technology start-up.
Brief account of emerging technologies and techniques that pose a threat to KPMG efforts to maintain and improve its security posture, e.g. an improvement in the attack capabilities of a known adversary due to their access to certain tools, technologies or enhanced skills capability.