Cyber security services
Deloitte's Information & Technology Risk practice helps organizations to deal with issues related to business processes, technology, operational and financial risks. Our aim is to enable clients to measure, manage and control risk and thereby to enhance the reliability of processes and systems across the board.
We combine an understanding of business and industry issues with technology, audit and security expertise. This allows us to determine the real business impact of risks and to frame our findings and recommendations in a business context. A number of our professionals possess CISA and CISM certifications.
- Information leakage prevention
- Information security compliance
- Segregation of duties in ERP systems
- Business continuity & resilience
- IT Audit
All organizations hold sensitive data that customers, business partners, regulators, shareholders and the board expect them to protect. Despite this, high profile security breaches involving personal and corporate data continue.
The impact of regulatory intervention combined with negative publicity and public perception is prompting organizations to take immediate measures to understand the sensitive information they hold, how it is controlled and how to prevent it from being leaked.
- Information flow analysis to understand how the organization currently manages sensitive information, where that information is stored, who is using it and how it is processed
- Assessment of the likelihood and impact of information loss
- Review of how the information is handled and the controls in place
- Development of remediation plans
- Assistance with the selection and implementation of an automated DLP solution
Information leakage prevention
Organizations must implement and maintain a security management framework, aligning people, process and technology, to survive in today’s competitive market and comply with external requirements.
- Assessment of the current state of information security against the requirements of the National Bank of Kazakhstan security standard and world best practices.
- Risk assessment, development of information security strategies, business cases and implementation roadmaps.
Information security compliance
To reduce the risk of fraud and unauthorized transactions, no single individual should have control over two or more parts of a process. This is known as segregation (or separation) of duties. A simple example is an assistant in the accounts department who has been given access both to amend supplier master file details and to make payments; this could lead to fraud, as the individual could create a supplier and process fraudulent payments to themselves. From experience, most segregation of duties issues occur because an organization has not taken a risk-managed approach to designing processes. There is frequently a lack of focus and attention given to the design, operation and monitoring of segregation of duties within organisations.
- SAP health check to gain clarity on your organization’s Segregation of Duties violations and identify the possible implications.
- Implementation or optimization of SAP controls through automation and rationalization to streamline existing controls or implement automated control solutions.
- Implementation support for SAP GRC Access Control.
Segregation of duties in ERP systems
The need to provide continuity of service has never been greater, as more and more organizations operate 24/7 and depend increasingly on technology to conduct business.
Increasing stakeholder and regulatory expectations demand an approach that gives equal consideration to managing the immediate and longer term outcomes from incidents affecting people, processes, systems or events external to the organization.
- Business impact and current state analysis
- Management of your business continuity program
- Development of business continuity plans
- Business continuity testing and training
Business continuity & resilience
Enterprise resource planning (ERP) provides security and integrity assessment services on IT systems that support corporate-wide business processes. Our ERS team helps clients to mitigate exposures and assure control performance, including maximising the benefits of ERP technology through post-implementation reviews and ERP audits.
We provide ERP implementation and post-implementation services, including:
- Assessing potential risks by closely analysing the IT solutions behind key business processes and proposing concrete action to mitigate risks
- Aligning the IT landscape with company business strategy
- Planning effective business process optimisation
- Making specific recommendations to ensure that the IT environment is robust, flexible and scalable, and that it delivers the functionality required
We ensure that systems deliver the results companies need in day-to-day operation by:
- Reviewing all aspects of the client’s implementation prior to go-live
- Providing the tools and information companies need to maximise the performance of the infrastructure following go-live
We optimise the solution, boost performance and maximise value by:
- Assessing the value of a live ERP solution and making sure it delivers the expected cost benefits and business improvements
- Assisting with the standardization and management of data
- Streamlining business processes and maximising the ROI of an ERP solution
- Proactively identifying and eliminating technical issues in the IT environment