Global network


Federal Cyber Risk Services

Make your agency Secure.Vigilant.Resilient.™

Federal agency security investments are at an all-time high, yet cyber-attacks are still on the rise, both in number and sophistication. While today’s constantly evolving, fast-paced technology powers new strategic and mission initiatives, it also opens new doors for cyber criminals. Our Secure.Vigilant.Resilient. approach helps you manage the cyber risk you know and get ahead of the ones you don’t.

The imperative to be secure, vigilant, and resilient

Being secure: You can’t secure everything equally. Being secure means focusing protection around the risk-sensitive assets at the heart of your federal agency’s mission.

Being vigilant: By carefully plotting the motives and psychology of adversaries, and considering the potential for accidental damage, cyber risk strategists anticipate what might occur and design detection systems accordingly.

Being resilient: If response to cyber incidents is viewed as primarily a technical function, you will likely not be equipped for decisive action.

A Secure.Vigilant.Resilient.™ cyber risk program is not just about spending money differently—it’s a fundamentally different approach. Secure.Vigilant.Resilient. programs have some common characteristics:

  • They are executive-led
  • They involve everyone
  • They’re programs, not projects
  • They are comprehensive and integrated
  • They reach beyond your wall

The following steps can help you move in the right direction:

  1. Put a senior leader at the helm
  2. Map threats to the agency assets that matter
  3. Launch priority projects for early “wins”
  4. Accelerate behavioral change through incentives and experienced-based awareness

Learn more about making your agency secure, vigilant, and resilient.

Back to top

What does it mean to be Secure, Vigilant, and Resilient?

Advanced cyber reconnaissance and analytics

The cyberthreat battle is often described as asymmetric: While defenders are compelled to plug every security gap in their complex, changing environments, the attacker only needs to take one successful action to achieve their “win.”

Deloitte Risk and Financial Advisory’s Cyber Reconnaissance and Analytics, powered by Cray, helps level the battlefield. By revealing what your organization looks like to an adversary, and improving your ability to detect suspicious activity already occurring, Cyber Reconnaissance and Analytics helps you take preemptive action to address potential weaknesses and proactively diagnose these behaviors to derail attack campaigns, many of which may already be “in progress” or part of a multi-staged attack.

Understand your organization through an adversarial lens.

Back to top

Strategy and Governance

Achieving and maintaining a Secure.Vigilant.Resilient. posture requires ongoing effort to define an executive-led cyber risk program, track progress, and continuously adapt the program to shifting agency strategies and the evolution of cyber threats.

Strategy and Assessment projects develop actionable roadmaps to support the evolution of legacy IT security programs into Secure.Vigilant.Resilient.™ programs.

Enterprise Security Architecture defines next generation architecture to support agency innovation and mitigate emerging threats.

Governance, Risk, and Compliance services provide risk transparency to agency leaders, line managers, and other stakeholders through technology implementation and data integration.

Third-Party Risk services assist in managing cyber and operational risks across the extended agency.

Back to top

Chess piece

Managed Services

Deloitte’s tailored, high-touch managed, and subscription services can help you operate more efficiently, address talent shortages, achieve more advanced capabilities, and keep on track with your overall cyber risk program objectives.

Back to top

Mouse Stick

The eISCMS approach

eISCMS: enterprise Intelligent Security Configuration Management as a Service

Agencies spend enormous amounts on managing the security configurations of tens of thousands of devices. As an agency expands or teams with others, their responsibilities grow, requiring the protection of new capabilities and, most importantly, data. Deloitte Risk and Financial Advisory offers continuous system and device configuration, including advanced, threat-aware secure configuration design, and automated configuration execution using market-leading technologies.

Learn more about eISCMS as a service.

Back to top

Road surrounded by trees

Our collection of insights

Augmented Security: How cognitive technologies can address the cyber workforce shortage

Demand for adequately trained and knowledgeable cyber personnel far exceeds the available talent pool, and it’s unlikely to get better anytime soon. New strategies—like combining cognitive technologies with cybersecurity professionals—should be devised to best utilize the available talent and meet public and private cybersecurity objectives.

Beneath the surface of federal cyberattacks

Diving deeper into federal cybersecurity attacks. Beneath the surface of a cyberattack is intended to shed light on a broad set of mission impacts that are overlooked in most conversations about cyber risk. By viewing cyber risk through a wider lens, agencies can ultimately improve their ability to survive and thrive in the face of increasingly likely cyberattacks.

Prioritizing IT spending through cyber risk assessments

Changes and emerging trends in federal information technology make it critical for federal chief information officers and chief financial officers to work together to understand organizational challenges, and to collaborate on solutions to defend against evolving cyber threats—prioritizing their cyber preparedness in association with financial and mission-critical activities.

Government’s cyber challenge: Protecting sensitive data for the public good

For government, cybersecurity isn’t only a challenge—it’s a big obstacle to long-awaited digital transformation. Plus, the stakes are sky-high: Hacking public-sector information might imperil national security as well as citizens’ trust. Is government up to the task?

3D opportunity and cyber risk management

While cyber risk is pervasive, additive manufacturing (AM) is one area where it can be especially dangerous, due to AM’s reliance on digital files and connectivity, and the impact on multiple parties through the supply chain.

A world beyond passwords: Improving security, efficiency, and user experience in digital transformation

There’s a reason why many of us use the same password for every login: Who can remember dozens of different combinations of numbers and letters? Technology is on the verge of rendering passwords obsolete, bolstering security as well as making users and customers happier.

For more insights, check out the entire Deloitte Insights Collection on cyber risk.

Back to top

Lock the keyboard

Cybersecurity is becoming increasingly vital to accomplish mission objectives, which means agencies should consider instituting a culture of cybersecurity rather than looking at technology to support control and/or compliance issues.

Deborah Golden, Federal Cyber Risk Services leader

In the news

Curbing the cybersecurity workforce shortage with AI
Source: Dark Reading – August 18, 2017

The internet of things vulnerability index
Source: Federal News Radio – November 04, 2016

How to flip the cyber threat paradigm
Source: FCW – November 01, 2016

Enlisting airport employees to help mitigate insider threats
Source: Security Magazine – October 25, 2016

Six ways cities can make cybersecurity a top priority
Source: Govtech – October 20, 2016

A cyber risk imperative: All hands on deck
Source: Wall Street Journal – September 07, 2016

Back to top

For media inquiries, please contact:

Megan Doern
Deloitte Services LP
+1 202 368 0524

Our Federal Government Services teams bring fresh perspective—from inside and outside government—to help solve our nation’s biggest challenges. People, ideas, technology, and outcomes—all designed for impact.

Get in touch

Deborah Golden

Deborah Golden

Principal | Deloitte Risk and Financial Advisory

Deborah is a Deloitte Risk and Financial Advisory principal and leads Cyber Risk Services for the Government & Public Services (GPS) practice of Deloitte & Touche LLP. She is also the GPS Empowered We... More