Solutions
Cyber Risk Framework
Providing a disruptive cyber risk analysis methodology
In a world increasingly driven by digital technologies and information, cyber threats are becoming more and more an everyday strategic imperative. Dynamic, pragmatic and proactive, Deloitte’s Cyber Risk Framework (CRF) is a disruptive framework combining an improved methodology, a web application, and cyber security experts to understand business risks and their related cyber threats.
Identify your risks and make the right security decisions
“How can I be sure that my cyber security measures are relevant against cyber threats?”
– CIO“What are the cyber threats that can induce business risks?”
– Business Unit
The benefits
Focus on the right priorities
Spend money only on the cyber capabilities that you really need. The CRF helps you find the configuration that best fits your objectives and your budget.
Improve risk governance
Check and evaluate all your risks from one place.
Consolidate risk management and tools
The whole methodology is packaged in the CRF dynamic web application.
Enhance value from cyber security investments
Ensure that security is not just a cost center but is also a source of opportunities.
Save time and effort when performing risk analysis
Most of the methodology is assisted by the CRF tool. Don't waste time trying to consider everything - the CRF is fast and totally impartial.
The methodology
UNDERSTAND
1
Interviews with business units to collect business risks and impacts
2
Identify information systems that support the business processes
3
Identify which cyber threats can induce a business risk (e.g. a cyber criminal steals client data)
IMAGINE
4
Model the sequence of attacks that cyber criminals will imple-ment (attack scenarios)
5
Identify the cyber security measures that block or reduce the impact of each attack in the scenario (knowledge database)
PLAN
6
Evaluate the current level of maturity of each identified cyber security measure; identify cyber security measures to imple-ment or improve and formalize the risk treatment plan
