Federal Cyber and Risk Services | Deloitte US | Federal


Federal Cyber Risk Services

Learn more about our practice

Achieving your mission means knowing the strategic and cyber risks. Many agencies are turning to increased data and information gathering to improve services. In the digital world, Deloitte risk specialists can help you effectively manage the latest technology to mitigate risks while protecting against privacy breaches, fraud, and espionage.

Cyber Risk Services

Cyber Risk Services

Deloitte's Cyber Risk Program Development and Governance services support the transition to an executive-led cyber risk program that balances requirements to be secure, vigilant, and resilient in line with the risk appetite of the organization.

Strategic Risk Services

Strategic Risk Services

Deloitte’s Strategic Risk Services provide consultative and managed services, as well as one-day interactive labs, to help C-Suite executives, boards and decision-makers identify, assess, manage, and respond to strategic risks and major crisis events. Our understanding of strategic risks and their drivers, in combination with our leading-edge tools and methodologies, allows us to help clients better protect value, drive performance, meet strategic objectives and seize competitive advantage. Our crisis management specialists help companies sense, prepare for, respond to, and emerge stronger from major crises.

Addressing cyber threats

Multi-factor authentication protects against intrusion attempts by increasing the difficulty of compromising a privileged user. For instance, PIV-enabled multi-factor authentication operates by requiring the user to enter a PIN (something the user knows) to unlock their PIV’s digital certificates (something the user has). The PIV then participates in a cryptographic authentication process with the protected network or server. The cryptographic process is designed to thwart “replay” and other “man-in-the-middle” attacks, and cannot be duplicated by an attacker who does not possess the PIV. Other, non-PIV cryptographic tokens can provide similar capabilities, but none are as widely distributed to the federal and contractor workforce as are PIV cards.

​Privileged user accounts typically have the most elevated permissions, or greatest capabilities, in an IT organization and access to the most sensitive information. As a result, those user(s) and/or server accounts also have the potential to cause the most damage. Generally speaking, a privileged user account is typically able to:

  • Access, alter and remove data;
  • Run programs and enable or remove file shares;
  • Add and delete users, change user privileges and enable remote access;
  • Read and change database records, access transactions data, change database configuration and schema, add or modify stored procedures;
  • Grant and deny network access and enable and disable monitoring;
  • Alter configuration and audit settings.

Changing the game on cyber risk

Most reports on cyber security revolve around a common theme: despite heightened attention and unprecedented levels of security investment, the number of cyber incidents—and their associated costs—continues to rise. They typically point to the growing sophistication of hackers and other adversaries as a particularly intractable problem, and some deliberate over whether being secure is even possible in today’s rapidly evolving landscape of cyber attacks.

Given that you cannot prevent all cyber incidents, the traditional discipline of security, isolated from a more comprehensive risk-based approach, is not enough to protect you. Through the lens of what’s most important to your agency, you must invest in cost-justified security controls to protect your most important assets, but you must focus equal—in some cases greater—effort on gaining more insight into threats, and responding more effectively to reduce their impact. Through an ongoing program to become secure, vigilant, and resilient, you can be more confident in your ability to reap the value of your strategic investments.

More topics

Contact us

Contact us via our online form

Submit RFP

Submit via our online form


Cyber Risk Services

We help organizations address information and technology risks, such as cyber security, data leakage, identity and access management, and data security.


Strategic Risk Services

In an uncertain and complex world, Deloitte can help you survive strategic risks and major crisis events.


Gordon Hannah

Principal, Deloitte & Touche LLP


Marc Greathouse

Partner | Federal Regulatory Consulting


Todd Grams

Director | Deloitte & Touche LLP


Life at Deloitte

People make Deloitte one of the best places to work. What’s great about the people? That’s an easy answer. They are exceptional. Each person is unique and valued for that, among the best and brightest in the business, and takes pride in his or her achievements and the success of others.