Information & Technology Risk
Managing risk and uncertainty, from the boardroom to the network
To ensure future success, businesses need to be aware of all the risks that threaten their operations. Technology is a critical component of any operation and a key enabler for achieving business objectives. Awareness of technology risks and impacts is vital to making informed decisions and mitigating risk appropriately.
Getting controls right enables organisations to effectively manage risks and drive performance. It also keeps costs down, increases revenue, secures assets, and meets legal and regulatory compliance requirements, as well as the expectations of clients, partners and shareholders.
Deloitte service offering
Deloitte provides a broad range of services to respond to a fast-paced and ever-changing environment:
Deloitte's IT risk professionals help organisations deal with issues related to business process, technology, operational and financial risk. Our aim is to enable clients to measure, manage and control risk, thereby enhancing the reliability of processes and systems across the board.
Information Technology Audit
Evaluate the design and effectiveness of internal controls related to Information Technology through ad-hoc IT audits or assurance reports
Cyber Security Management
Bring information security under explicit management control through security transformation, security management and security operational assistance
Identity & Access Management
Bring Identity Relationships under explicit management control through solutions providing business alignment, risk mitigation and cost control
Business Continuity Management
Assist in organisation resilience by designing, implementing, maintaining and testing business continuity plans
De-perimeterisation Risk & Security
Address the challenges raised by de-perimeterisation and the move of IT assets, users and data outside the traditional network perimeter; includes propositions related to cloud computing and mobile devices/BYOD risk & security
Infrastructure and Operations Security
Defend against and limit the impact of a cyber attack through the evaluation, architecture and implementation of operational security processes
Defend against and limit the impact of a cyber attack through security assessment and remediation of IT infrastructure, software applications and wireless/mobile devices, including intrusion testing/penetration testing
Incident Response & Forensics
Defend against and limit the impact of a cyber attack through readiness assessment and supporting response to security incidents, including computer forensics
E-discovery & Litigation Support
Assess readiness and assist in responding to requests in the field of electronic documents collection and processing during legal proceedings
IT Regulatory Compliance in Financial Sector
Assess compliance with IT-related regulations of the financial sector and assist in remediation through compliance assessments, assisting in communications with the Regulator, and definition of Target Operating Models
Privacy & Data Protection
Enhance privacy & data protection processes and solutions through requirements rationalisation, risk analysis & gap identification, and data protection & privacy programs
On January 7, 2013, the CSSF issued circular 13/554 entitled “Evolution of the usage and control of the resources access tools”.