Cyber Risk Framework
Providing a disruptive cyber risk analysis methodology
In a world increasingly driven by digital technologies and information, cyber threats are becoming more and more an everyday strategic imperative. Dynamic, pragmatic and proactive, Deloitte’s Cyber Risk Framework (CRF) is a disruptive framework combining an improved methodology, a web application, and cyber security experts to understand business risks and their related cyber threats.
Identify your risks and make the right security decisions
“How can I be sure that my cyber security measures are relevant against cyber threats?”– CIO
“What are the cyber threats that can induce business risks?”– Business Unit
Spend money only on the cyber capabilities that you really need. The CRF helps you find the configuration that best fits your objectives and your budget.
Check and evaluate all your risks from one place.
The whole methodology is packaged in the CRF dynamic web application.
Ensure that security is not just a cost center but is also a source of opportunities.
Most of the methodology is assisted by the CRF tool. Don't waste time trying to consider everything - the CRF is fast and totally impartial.
Interviews with business units to collect business risks and impacts
Identify information systems that support the business processes
Identify which cyber threats can induce a business risk (e.g. a cyber criminal steals client data)
Model the sequence of attacks that cyber criminals will imple-ment (attack scenarios)
Identify the cyber security measures that block or reduce the impact of each attack in the scenario (knowledge database)
Evaluate the current level of maturity of each identified cyber security measure; identify cyber security measures to imple-ment or improve and formalize the risk treatment plan