Intelligent protection in the digital age

As organizations adopt more and varied ways of interacting with internal and external constituencies, securing proprietary information and other critical business assets becomes exponentially more difficult, and meeting regulatory requirements more complex. Organizations are increasingly the target of cyberattacks and subject to demanding regulatory mandates. Deloitte’s secure services help organizations establish effective controls around sensitive assets, and balances the need to reduce risk while enabling productivity, business growth, and cost-optimization objectives. We help clients invest in cybersecurity control and preventive measures, aligning investment with awareness of their key risks.

We help organizations assess and implement critical infrastructure protection, database and middleware protection, infrastructure penetration testing, network protection, physical protection, and platform protection.We help organizations design and implement internal controls, for application security testing, application security and privacy protection to address risks within in-house and externally developed applications, Enterprise Resource Planning (ERP) implementations/upgrades as well as business transformation projects.

  • Penetration Testing Infrastructures penetration testing; binary, web and mobile application penetration testing.
  • "Red Team" Testing Advanced penetration testing using TIBER-EU methodology.
  • Source Code Review Integrates security and privacy into the Software Development Life Cycle (SDLC) process, ensuring that privacy and security requirements are considered throughout all phases of the application’s life cycle. This results in reduced costs, traceability, increased security and compliance with privacy laws. Assesses efficiency of existing controls in the SDLC process and any development methodology.

We help organizations address the business processes, technology, and information supporting the authentication, authorization, and auditing of employees, contractors, customers, digitally enabled devices and other stakeholders requiring access to resources including data, applications, and systems. Effective Identity and Access Management solutions bring a combination of operational efficiency, compliance enablement, and risk management to the organization’s management of identity related information.

We support organizations drive digital transformation through building data protection and privacy capabilities as a key component of their business strategy.  Our Privacy offering help organizations proactively mitigate risks to meet standards and requirements found in laws, regulations and industry best standards. Our Data Protection offering takes an integrated view to managing data risk by considering how data is governed, accessed and used.

  • Privacy/GDPR Strategy and Transformation Program GAP Assessment and Implementation leading to GDPR compliance.
  • Privacy by Design/Managed Services (e.g., Data Protection Officer as a Service) Provides hands-on, technology-enabled services, tools, dashboards and controls. Offers integrated toolkits and advisory services, including privacy impact assessments, breach management and notification GDPR/Data Protection Officer (DPO) helpdesk, GDPR stress testing, third party management, data inventory, and data mapping.
  • Customer Breach Support and Response Helps clients minimize the impact of a data breach – by putting their customers at the heart of the response and hand holding them through the days and weeks following an incident. Includes customer breach notification plans and communications, and the scalable infrastructure and trained resource to engage, support and protect clients’ customers - and thus their organization - through the crisis.
  • Privacy/GDPR training, Awareness Offers tailored GDPR awareness and training, on-site or via e-learning/classroom formats, using the Deloitte Academy offering, and covering both GDPR compliance and its operational/technical implications.

We help our clients securely undertake cloud adoption to enable business modernization and accelerate the enablement of their business objectives. Our offerings deliver agile cyber defense and cover the full lifecycle from business planning, risk management, design, regulatory adherence, to operations, applications, and services and infrastructure.

  • Cloud Security Supports clients in the move towards secure, cloud-based, virtual data centers. Evaluates clients´ requirements, assesses cloud usage, builds business cases, develops a secure cloud operating model and assists with vendor evaluation. Helps clients implement and manage cloud-based cybersecurity solutions and tests cloud implementations for security weaknesses. Monitors cloud for security and compliance breaches as a managed service.


Andrei Ionescu

Andrei Ionescu

Partner-in-Charge Risk Advisory

Partner leading the Consulting and Risk Advisory service lines in the Romania & Moldova practice. Andrei has more than 20 years of experience in risk management, cyber risk, internal audit, fraud mana... More