Security, Privacy & Resiliency

Every organization has operational requirements that are non-negotiable: protecting intellectual property and customer information, providing convenient and secure access to products and information, complying with regulatory mandates.

To enhance the security, privacy and resiliency of your organization, you need to work with trained professionals. Deloitte can help you manage your information and technology risks. We use proven methodologies and tools to deliver end-to-end solutions.

Application Integrity

Organizations today rely on a proliferating number of computer applications to support new processes, businesses and technologies. Systems like SAP and Oracle increasingly enable information sharing across these disparate applications by featuring web-enabled solutions, portals and exchanges. However, despite its benefits, this functionality introduces new risks to information integrity.

To counter these risks and demonstrate strong risk management practices, we can help you meet the stringent requirements of your regulators, auditors and internal stakeholders and:

  • Strengthen your application security and controls
  • Improve your business controls and processes
  • Adopt effective segregation of duties policies
  • Enhance application interfaces and integration
  • Implement and configure VIRSA’s and SAP’s governance, risk and compliance (GRC) suite of modules

Operational Resiliency

As organizations increasingly operate around the clock and depend on technology to conduct business, the need for continuity of service grows. In fact, operational resiliency is more than simply a critical component of successful business management. It can also help protect against business failure following a major disruption.

To avoid these risks, Deloitte can help you establish a strong operational resiliency framework that enables you to identify issues before they escalate and prevent loss.

Identity & Access Management

To remain competitive, businesses need the ability to extend their operations outside traditional boundaries. Providing employees, business partners and customers with authorized access to information at any time, from anywhere, has become a key business need.

To help you extend your information access while maintaining a secure infrastructure, Deloitte has developed a proven identity and access management framework. By bringing together skills in business processes, security and controls, enterprise resource planning (ERP), project management and technology with in-depth vendor software knowledge, we can help you:

  • Conduct an analysis of your current state
  • Develop an identity and access management strategy, business case and roadmap
  • Design a customized solution
  • Select the products that are right for you
  • Implement and integrate your identity management program

Privacy & Data Protection

In recent years, organizations have struggled to comply with an ever-expanding array of international laws and regulations governing the handling of personal information. High-profile data security breaches continue to attract intense publicity and regulatory reprisal. To prevent reputational damage, regulatory action and the operational fallout of a breach, organizations must adopt a proactive approach to privacy and data protection.

To reduce this risk exposure, you need to gain an understanding of the personal information you hold and how it is controlled. We can help you:

  • Develop a privacy and data protection strategy
  • Build an organization-wide inventory and classification map of personal data
  • Adopt effective policies and procedures
  • Conduct employee training and awareness programs
  • Securely enable cross-border data transfers
  • Review third-party controls
  • Retain critical data and prevent it from being compromised
  • Comply with law enforcement requests to procure specific data
  • Build privacy controls into your IT projects
  • Manage the full range of your international compliance requirements
  • Structure audit and monitoring programs for ongoing data protection compliance
  • Manage a post-breach situation and investigation

Security Management & Transformation

In today’s complex business environment, organizational response to sophisticated security threats is woefully inadequate. To strengthen your security, you must implement and maintain proactive security governance and compliance programs. Using proven methodologies, we can help you design and implement robust security policies and standards, governance programs, metrics, automated dashboards, and automated risk and compliance solutions.

In the event of a significant security breach or board-level mandates, we also have the scale and experience to help you refine your approach to information security, design a new strategy, transform your structure and governance policies, and implement new systems.

Security Operations

As the security landscape evolves and threats become more sophisticated, organizations need rigorous operational processes to safeguard their physical and information assets. This involves more than bringing together disparate functions - such as IT, HR, legal and facilities management - to deliver a unified approach. It also requires the effective definition of processes and their communication on a regular basis. To monitor risks, respond to incidents and prevent the exploitation of vulnerabilities, we can help you:

  • Monitor your systems to prevent malware attacks
  • Detect and thwart intrusions
  • Adopt effective SIEM (security incident and event management) processes
  • Mitigate internal and external threats
  • Respond proactively to incidents and manage crises
  • Strengthen your disaster recovery program
  • Trace the root of a breach through e-discovery and IT forensics
  • Strengthen your email, firewall and network segregation policies
  • Prevent data leakage
  • Introduce sophisticated security measures, such as cryptography


With the proliferation of Internet-enabled devices, cyberculture is growing more rapidly than cybersecurity. This means private data, intellectual property, cyber-information and even military and national security can be compromised by deliberate attacks, inadvertent security lapses and the vulnerabilities of a relatively immature, unregulated global Internet. In response to these risks, in March 2010, the U.S. Senate Commerce Committee introduced sweeping legislation to enhance the public-private coordination to defend the country’s communications systems and other critical infrastructure against cyberattacks. Canadian legislation may not be far behind.

To help you leverage the power of cyberspace, Deloitte can work with you to plan and execute an integrated cybersecurity solution. This will position you to confidently rely on information networks to enhance business operations, improve mission performance and strengthen customer support — without compromising security or privacy.