CYBERSECURITY AND DATA PRIVACY

Mazars USA LLP is an independent member firm of Mazars Group.

MAZARS USA LLP

WWW.MAZARSUSA.COM

As one of the nation’s leading professional service firms, Mazars USA provides the resources, experience and global expertise to help you adapt in a dynamically changing landscape.


Transforming security and data privacy

The evolution of technology during the last decade, particularly during recent years, has provided the opportunity for organizations and financial institutions to adopt more digitalized environments both for client services and to support new, redesigned internal processes. In this increasingly sophisticated and complex technological environment, new security challenges are constantly arising, making it harder to protect valuable intellectual property and business information in digital form against theft and misuse.

Cyber attacks have far-reaching consequences for organizations, economic as well as reputational and legal. No industry is immune, and being breached is becoming the new 'normal' for many institutions. Companies must be prepared to fend off external attacks (hackers, hacktivists and nation-state sponsored attacks) as well as internal attacks (such as those by disgruntled employees). Seemingly every day a major new cybersecurity breach occurs, and a number of high-profile breaches have been splashed across the media. As these breaches continue, cybersecurity has become one of the largest concerns for investors, boards and audit committees. Technology-related risks, from external sources and from within the company, must be understood and effectively managed if companies are to succeed in an ever more technology-centric world.

MAZARS USA CYBERSECURITY AND DATA PRIVACY GROUP

Contact: Atif Ghauri, Principal | Cybersecurity Group Leader | (P) 267.254.8040 | (E) [email protected]


A GLOBAL PRESENCE

Mazars Cybersecurity Practices

Mazars Cybersecurity Fusion Centers

15+ member countries | Expertise on GDPR regulations | 360° collaboration and global perspective

Mazars Cybersecurity Practice operates in over 40 countries worldwide to support our clients' growth through integrated service delivery. We cater to the exclusive and diverse requirements of each organization.

In a global economy, international presence is important. We offer you worldwide service with the deep resources you need in a true partner, backed by the local insight to help you, no matter in which country you are operating.


HOW WE HELP OUR CLIENTS

Our long-standing relationships with our clients are a testament to our value as their trusted business advisor.

Mazars' cybersecurity and privacy group provides comprehensive advice, guidance, and consulting to numerous areas of the business, from the board of directors and audit committee to program leaders, architects and technology professionals, tailored to an organization's maturity, in order to:

• Guide the board of directors and audit committee on tracking cybersecurity key performance indicators

• Advance knowledge of the vulnerability management baseline through assessments, penetration testing, policy development, and secure architecture design

• Define the target state for cybersecurity along with a plan to attain the defined goals

• Advance knowledge of privacy and regulatory compliance through assessment, data discovery and data mapping

• Develop compliance controls around the record of processing, data protection impact assessments, and data subject rights responses

• Assist in the development and implementation of incident and breach response programs

• Provide continual risk and compliance management of cybersecurity and privacy policy, controls, and testing

• Improve understanding of risk management and the latest cyber threats impacting the organization


OUR SERVICES

The Mazars Cybersecurity and Data Privacy Consulting Group offers a continuum of services designed to help you understand and manage your cyber risk.

The increasing digitization of corporate assets, proliferation of network connectivity, disappearance of corporate borders, and the increasing motivation and capabilities of cyber adversaries have transformed cyber risk from a technical consideration for a single department into a significant business risk for the whole enterprise.

As businesses become more and more dependent on information systems, the evolution of technology has created an environment which brings a whole new series of sophisticated and complex risks and opportunities.

Preparation and planning for a potential threat is more critical than ever before. Organizations should maintain a cybersecurity incident plan in order to limit damage not only in financial terms but also in potential loss of reputation.

WE SERVICE:

All types of organizations, nationally and globally, and across industry practices with cybersecurity and data privacy concerns.


ADVISORY SERVICES

Mazars' Cybersecurity Advisory Services: Security & Data Privacy Consulting; Ethical Hacking – Technical Assessments; Security and Privacy Program Assessment; Threat Hunting Service; Security and Privacy Solutions.

Helping you take control of your costs, efficiency and compliance by integrating security and privacy into your business operations and technology platforms.

Security and Data Privacy Consulting

• Chief Information Security Officer as a Service (CISO)

• Information Security Expert as a Service (ISE)

• Data Privacy Expert as a Service (PDE)

Ethical Hacking – Technical Assessments

• Vulnerability Assessment

• Network Penetration Testing

• Web Application Security Assessment

• Wireless Network Security Assessment

• Social Engineering / Phishing Simulation

• Physical Security and Penetration Testing

Threat Hunting Service

• Review and correlation of your systems

• Staff training

• Help staff design, implement and deploy a log monitoring platform

• Create and fine-tune custom notifications for malicious activities

Security and Privacy Assessment

• NIST security and risk standards

• ISO security and risk standards

• GDPR, CCPA, PIPEDA

• HIPAA/HITECH

• FFIEC, SEC, FDIC

• PCI, NYCRR 500

• FTC

• NY SHIELD Act

Security and Privacy Solutions

Security Build Services

• Incident Response Program

• Policy Development

• Security Architecture Framework & Design

• ISO 27001 certification prep

Privacy Build Services

• Incident Response Program

• Policy Development

• Security Architecture Framework & Design

• ISO 27001 certification prep

Contact: Phil Jones, Director | Cybersecurity - Advisory Services | (P) 813.760.5347 | (E) [email protected]


MANAGED SERVICES

Mazars' Cybersecurity Managed Services: Cloud Security Analytics; Vulnerability Management Program; Virtual Security Operations Center (vSOC); Privacy Compliance Monitoring; Managed Detection and Response.

Providing you with 24/7 cybersecurity coverage with a proven methodology and technology platforms to maintain your day-to-day security operations.

Managed Detection and Response

• Security Event Monitoring, Triage and Escalation

• Threat hunting, research and analysis cadence

• Investigations using best-in-class technologies

• Incident validation and notification for Critical Alerts

• Regular policy configuration and rule tuning

• Mapping of detections to prevention policies

Cloud Security Analytics

• 24x7 Security Event Monitoring, Triage and Escalation

• 24x7 Security Alerting and Incident Response

• Evidence gathering for compliance audit needs

• Real-time dashboards and operational reports

• Secure portal access

• Proactive maintenance of security services

Vulnerability Management Program

• 24x7 Vulnerability Scans

• SIEM integration and mapping of vulnerabilities to events

• Delta reporting on new vulnerabilities between scans

• Executive Reporting for Leadership

• Operational Reporting for Management

• Proactive maintenance of security services

Privacy Compliance Monitoring

• Consulting Data Privacy Officer (DPO)

• DPO privacy subject matter expertise

• Executive Reporting for Leadership

• Periodic assessment services

Virtual Security Operations Center (vSOC)

• 24x7 Security Event Monitoring, Triage and Escalation

• 24x7 Security Alerting and Incident Response

• Real-time dashboards and operational reports

• Alert enrichment, event correlation and anomaly detection

• Evidence gathering for compliance audit needs

• Proactive maintenance of security services

Contact: Serghei Iftodi, Director | Cybersecurity - Managed Services | (P) 267.532.4343 | (E) [email protected]


OUR EXPERTISE

Our professionals deliver in-depth insight for C-suite executives and the Board, focusing on the distinct elements needed to maintain a healthy and solid cybersecurity strategy.

Our highly qualified cyber and data privacy professionals hold certifications including CISSP, CISM, CIPM, HCISPP, CISA, CCSFP, Project+, Network+, MCSE, MCITP:EA, ITILv3, QSA, CCK and Cloud Essentials, in order to deliver best-in-class knowledge, service, and customer experience.


2019 DATA BREACH INVESTIGATIONS REPORT (DBIR)

Did you know...

The Verizon Data Breach Investigations Report (DBIR) provides you with crucial perspectives on threats that organizations like yours face. The 12th DBIR is built on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide.


Data breaches continue to make headlines around the world. Seemingly, no matter what defensive measures security professionals put in place, attackers are able to circumvent them. No organization is too large or too small to fall victim to a data breach. No industry vertical is immune to attack. Regardless of the type or amount of your organization's data, there is someone out there who is trying to steal it.

Having a sound understanding of the threats you and your peer organizations face, how they have evolved over time, and which tactics are most likely to be utilized can prepare you to manage these risks more effectively and efficiently.

Source: 2019 Verizon DBIR


CASE STUDY: LIFE SCIENCES COMPANY

PRIVACY PROGRAM: GDPR, CCPA, PIPEDA

THE CHALLENGE

A North American life sciences company was processing special categories of personal data and was concerned about its ability to comply with multiple privacy laws in multiple jurisdictions, some of which could conflict with one another.

Without an all-encompassing privacy plan, the company risked fines, lost business, and being barred from partnering with other companies to complete projects, which could cost it millions of dollars in lost opportunity.

As such, the company sought guidance on building a privacy program that would meet Privacy Shield, General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) requirements simultaneously, without reinventing the wheel for each new governing body.

HOW MAZARS HELPED

In six weeks, Mazars developed a GDPR-compliant roadmap with specific deliverables around the privacy notice, established a data protection office, built a customized process for the company to respond to data subject rights requests (DSRs), and delivered a template for managing the record of processing activities (ROPA), along with guidance on performing ongoing privacy impact assessments (PIAs) within the company's environment. We also provided a data protection officer (DPO) service to support the company until the program was fully mature.

Working with multiple divisions and departments, Mazars rewrote the company's contract language around compliance, significantly limiting its exposure to fines and cease orders. At the same time, Mazars worked with the company's data protection offices to create a Data Subject Rights (DSR) response program, closely tied to the privacy protection processes both operationally and legally.

By working with compliance, IT and the company's data protection offices, we developed Privacy Impact Assessments (PIAs) along with a Record of Processing Activities (ROPA) program.

BENEFITS ACHIEVED

As a result of the initiative, the company was able to continue its expansion and integration with its partners, supporting a prosperous outlook for the future.


CASE STUDY: MAJOR MANUFACTURER - GDPR

THE CHALLENGE

A major U.S. manufacturer processed large amounts of personal data in multiple countries. Because some of its operations fall under the jurisdiction of the European Union, it needed to assess its operational compliance with the privacy rules of the EU's General Data Protection Regulation (GDPR).

In particular, the company was concerned about being fined for non-compliance, or losing market share if it were subjected to sanctions requiring it to temporarily cease operations. It also recognized that if it were found not to be compliant, other compliant companies would not do business with it.

HOW MAZARS HELPED

Based on Mazars' previous IT-related consulting and audit work, the company requested our help with developing a more efficient and effective Privacy Impact Assessment (PIA) program.

Working with the company's Legal department, in less than three weeks Mazars developed a GDPR-compliant PIA program that enabled the company to perform PIAs in one week, an 85% reduction in time, using less than 40 work hours.

BENEFITS ACHIEVED

The reduced work hours led to an 80% cost reduction for the function and, with the new system in place, the company has been able to avoid fines while maintaining high levels of confidence from its customers and the regulators.


CASE STUDY: U.S. RECRUITING COMPANY - DATA PRIVACY

THE CHALLENGE

The EU's General Data Protection Regulation (GDPR) is a growing concern for companies doing business in Europe.

A US-based recruiting company recognized that it faced greater exposure from privacy issues due to the highly personal nature of the data it holds on job candidates. To mitigate the financial and reputational risks and potential costs of non-compliance with the GDPR, senior management issued a corporate directive for all divisions to be in compliance from an organizational, technical and legal standpoint; for each group to conduct regular risk analyses of existing and anticipated processes and tools; and for each group to proactively develop recommendations to eliminate or correct any identified or potential areas of non-compliance.

HOW MAZARS HELPED

Working with HR, Security, Legal, IT, and Compliance, Mazars developed a standardized approach that could effectively and efficiently manage the most privacy-sensitive processes across multiple entities of the group. In addition, Mazars conducted a thorough analysis of the company's SLA measures and made recommendations for implementing binding rules to secure the necessary international transfers, ensuring that data transfers to other countries met legal and security requirements.

Then, to ensure a speedy and effective rollout, Mazars conducted an organizational analysis and developed a cross-functional action plan for each group, setting up dedicated corporate initiatives to reinforce GDPR compliance on specific topics (best practices, retention, transfers, etc.).

BENEFITS ACHIEVED

As a result, the company was able to generate corporation-wide awareness of the importance of privacy, develop specific tools to achieve and maintain compliance, and ensure that personal data and data subject requests are appropriately controlled and responded to, avoiding brand degradation and promoting security.

Company executives and the Board of Directors now have a high level of comfort that the brand's reputation will be enhanced and that the risk of fines or cease orders is minimized.


OUR LEADERS

Our cybersecurity experts provide a unique combination of foresight, experience, and hands-on execution to assist you in mitigating risk and protecting your business.

Atif Ghauri, Principal | Cybersecurity Practice Leader | (P) 267.254.8040 | [email protected]

Atif is a renowned cybersecurity expert with 20 years of experience in management consulting, technical and sales operations, product management, and business development. He is an innovator in cybersecurity, having received a patent in security analytics for monitoring user activity anomalies on embedded consumer devices.

Prior to joining Mazars USA, Atif served as Senior Vice President & Chief Technology Officer of a large independently owned managed security services provider.

Phil Jones, Director | Cybersecurity - Advisory Services | (P) 813.760.5347 | [email protected]

Phil is a privacy leader, Director of Security, Chief Security Architect, and Data Privacy Officer (DPO) with master-level security credentials, and is in the process of achieving his Fellow of Information Privacy (FIP) designation. Phil has built multiple privacy programs ranging from startups to major international organizations. He has guided multiple boards of directors through tough and complex security and privacy regulatory compliance.

Serghei Iftodi, Director | Cybersecurity - Managed Services | (P) 267.532.4343 | [email protected]

Serghei has 12 years of executive, managerial and consulting achievements leading and delivering managed security solutions and services to multiple Fortune 500 organizations as part of federal and regulatory compliance programs, strengthening their security posture and helping fight cyber crime. He is highly skilled in Security Information and Event Management (SIEM) technologies as well as Security Operations Center best practices for detecting and responding to cyber threats, and in meeting and maintaining compliance controls such as SOX, PCI-DSS, HIPAA, NERC-CIP, FISMA and others.


WHY CHOOSE MAZARS

QUALITY: Quality first, whatever the mandate, wherever it is located.

TRUSTED: Our clients are very pleased by both our solutions and our approach.

COORDINATION: Thanks to our unique global structure, we can ensure smooth coordination worldwide.

FOCUS: We consider you a top client. Our team delivers added value to every engagement.

VALUE: We innovate and partner with you to create value.


ABOUT MAZARS USA

Mazars USA LLP is an independent member firm of Mazars Group.

Mazars USA LLP provides insight and specialized experience in accounting, tax and consulting services. Since 1921, our skilled professionals have leveraged technical expertise and industry familiarity to create customized solutions to overcome client challenges.

As the independent U.S. member firm of Mazars Group, we have a global reach of 24,000 professionals in 91+ countries.

Locally and internationally, we build lasting relationships with our clients by addressing their particular needs, creating value and optimizing their organizational performance.

FOR MORE INFORMATION

WWW.MAZARSUSA.COM/CYBERSECURITY

WWW.TWITTER.COM/@MAZARSCYBERTEAM
WWW.FACEBOOK.COM/MAZARSUSALLP
WWW.LINKEDIN.COM/COMPANY/MAZARS-USA
WWW.YOUTUBE.COM/MAZARSUSALLP