Federal Cyber Risk Services
Make your agency Secure.Vigilant.Resilient.™
Federal agency security investments are at an all-time high, yet cyber-attacks are still on the rise, both in number and sophistication. While today’s constantly evolving, fast-paced technology powers new strategic and mission initiatives, it also opens new doors for cyber criminals. Our Secure.Vigilant.Resilient. approach helps you manage the cyber risk you know and get ahead of the ones you don’t.
- The imperative
- Cyber risk services overview
- Advanced cyber reconnaissance and analytics
- Strategy and governance
- Managed services
- eISCMS as a service
- Our collection of insights
- In the news
- Federal Government Services
- Get in touch
- Join the conversation
- Related topics
The imperative to be secure, vigilant, and resilient
Being secure: You can’t secure everything equally. Being secure means focusing protection around the risk-sensitive assets at the heart of your federal agency’s mission.
Being vigilant: By carefully plotting the motives and psychology of adversaries, and considering the potential for accidental damage, cyber risk strategists anticipate what might occur and design detection systems accordingly.
Being resilient: If response to cyber incidents is viewed as primarily a technical function, you will likely not be equipped for decisive action.
A Secure.Vigilant.Resilient.™ cyber risk program is not just about spending money differently—it’s a fundamentally different approach. Secure.Vigilant.Resilient. programs have some common characteristics:
- They are executive-led
- They involve everyone
- They’re programs, not projects
- They are comprehensive and integrated
- They reach beyond your wall
The following steps can help you move in the right direction:
- Put a senior leader at the helm
- Map threats to the agency assets that matter
- Launch priority projects for early “wins”
- Accelerate behavioral change through incentives and experienced-based awareness
Learn more about making your agency secure, vigilant, and resilient.
What does it mean to be Secure, Vigilant, and Resilient?
Advanced cyber reconnaissance and analytics
The cyberthreat battle is often described as asymmetric: While defenders are compelled to plug every security gap in their complex, changing environments, the attacker only needs to take one successful action to achieve their “win.”
Deloitte Risk and Financial Advisory’s Cyber Reconnaissance and Analytics, powered by Cray, helps level the battlefield. By revealing what your organization looks like to an adversary, and improving your ability to detect suspicious activity already occurring, Cyber Reconnaissance and Analytics helps you take preemptive action to address potential weaknesses and proactively diagnose these behaviors to derail attack campaigns, many of which may already be “in progress” or part of a multi-staged attack.
Strategy and Governance
Achieving and maintaining a Secure.Vigilant.Resilient. posture requires ongoing effort to define an executive-led cyber risk program, track progress, and continuously adapt the program to shifting agency strategies and the evolution of cyber threats.
Strategy and Assessment projects develop actionable roadmaps to support the evolution of legacy IT security programs into Secure.Vigilant.Resilient.™ programs.
Enterprise Security Architecture defines next generation architecture to support agency innovation and mitigate emerging threats.
Governance, Risk, and Compliance services provide risk transparency to agency leaders, line managers, and other stakeholders through technology implementation and data integration.
Third-Party Risk services assist in managing cyber and operational risks across the extended agency.
Deloitte’s tailored, high-touch managed, and subscription services can help you operate more efficiently, address talent shortages, achieve more advanced capabilities, and keep on track with your overall cyber risk program objectives.
The eISCMS approach
eISCMS: enterprise Intelligent Security Configuration Management as a Service
Agencies spend enormous amounts on managing the security configurations of tens of thousands of devices. As an agency expands or teams with others, their responsibilities grow, requiring the protection of new capabilities and, most importantly, data. Deloitte Risk and Financial Advisory offers continuous system and device configuration, including advanced, threat-aware secure configuration design, and automated configuration execution using market-leading technologies.
Learn more about eISCMS as a service.
Our collection of insights
Demand for adequately trained and knowledgeable cyber personnel far exceeds the available talent pool, and it’s unlikely to get better anytime soon. New strategies—like combining cognitive technologies with cybersecurity professionals—should be devised to best utilize the available talent and meet public and private cybersecurity objectives.
Diving deeper into federal cybersecurity attacks. Beneath the surface of a cyberattack is intended to shed light on a broad set of mission impacts that are overlooked in most conversations about cyber risk. By viewing cyber risk through a wider lens, agencies can ultimately improve their ability to survive and thrive in the face of increasingly likely cyberattacks.
Changes and emerging trends in federal information technology make it critical for federal chief information officers and chief financial officers to work together to understand organizational challenges, and to collaborate on solutions to defend against evolving cyber threats—prioritizing their cyber preparedness in association with financial and mission-critical activities.
For government, cybersecurity isn’t only a challenge—it’s a big obstacle to long-awaited digital transformation. Plus, the stakes are sky-high: Hacking public-sector information might imperil national security as well as citizens’ trust. Is government up to the task?
While cyber risk is pervasive, additive manufacturing (AM) is one area where it can be especially dangerous, due to AM’s reliance on digital files and connectivity, and the impact on multiple parties through the supply chain.
A world beyond passwords: Improving security, efficiency, and user experience in digital transformation
There’s a reason why many of us use the same password for every login: Who can remember dozens of different combinations of numbers and letters? Technology is on the verge of rendering passwords obsolete, bolstering security as well as making users and customers happier.
For more insights, check out the entire Deloitte Insights Collection on cyber risk.
Cybersecurity is becoming increasingly vital to accomplish mission objectives, which means agencies should consider instituting a culture of cybersecurity rather than looking at technology to support control and/or compliance issues.
– Deborah Golden, Federal Cyber Risk Services leader
In the news
Curbing the cybersecurity workforce shortage with AI
Source: Dark Reading – August 18, 2017
The internet of things vulnerability index
Source: Federal News Radio – November 04, 2016
How to flip the cyber threat paradigm
Source: FCW – November 01, 2016
Enlisting airport employees to help mitigate insider threats
Source: Security Magazine – October 25, 2016
Six ways cities can make cybersecurity a top priority
Source: Govtech – October 20, 2016
A cyber risk imperative: All hands on deck
Source: Wall Street Journal – September 07, 2016
Our Federal Government Services teams bring fresh perspective—from inside and outside government—to help solve our nation’s biggest challenges. People, ideas, technology, and outcomes—all designed for impact.