Amadeus, a travel technology company, has appointed a Chief Information Security Officer for the Asia-Pacific region. He wants an assessment of the level of security of the 13 countries that make up his perimeter. This security audit should allow the strategic needs for the region to be identified and prioritized.


Wavestone supports the client in analyzing each of the entities:

  • Attractiveness and sensitivity – each entity has specific activities and can process data of various levels of sensitivity (client data, banking data, intellectual property data, etc.).
  • Maturity of the security level – this involves assessing not only the level of cybersecurity protection but also the ability to detect an attack and react appropriately.
  • Physical safety – physical access to the premises of the various entities is considered sensitive and is therefore part of the scope of the audits.

Answers & key success factors

The success of this support over time relies on a combination of methodology and technical expertise to serve the business lines:

  • Leading technical tools: the penetration tests rely on our customised tools, developed and maintained by our team of experts.
  • A standardized maintenance methodology: by complying with the international standards for information security, our approach can be measured and replicated.
  • An audit serving the business line: the objective of the audit is to serve our client’s strategic challenges. The recommendations are prioritized and put in perspective on the basis of the business line challenges.