Cyber Risk Services

As organizations adopt more and varied ways of interacting with employees, constituents, customers and partners, securing proprietary information and other critical business assets becomes exponentially more difficult, and regulatory requirements more stringent. Addressing an ever-changing set of requirements–typically with finite budgets and security talent–presses business leaders to be more risk-focused in prioritizing their security investments. SECURE services help clients establish controls and processes around their most sensitive assets, balancing the need to reduce risk, while also helping to enable productivity, business growth, and cost optimization objectives. Change and innovation don’t have to be the enemy of security. We can help.

1. Enterprise Application Integrity (EAI) solutions help organizations build the controls they need to protect enterprise resource planning (ERP), customer relationship management (CRM), and other core business applications.
2. Identity and Access Management (IAM) solutions leverage Deloitte’s IAM Methods 2.0 methodology to help clients control which employees, customers, partners and suppliers access sensitive corporate resources, and streamline the process of managing the explosion in “digital identities.”
3. Privacy and Data Protection (PDP) services help clients protect personally identifiable information (PII) and other sensitive data, reducing the risk of data breaches, while also supporting the need for flexible and timely access by a wide range of corporate users.

Back to top

Vigilant, Inc.’s security monitoring and cyber threat intelligence services are now part of Deloitte’s portfolio of security solutions for high-risk industries.

As it becomes increasingly difficult to prevent infiltrations and unauthorized activity, organizations need threat awareness and advanced detection and intelligence solutions to rapidly identify unauthorized or anomalous activity in their environments. VIGILANT services leverage deep experience with analytic and correlation technologies to help clients develop monitoring capabilities focused on critical business processes. By integrating threat data, IT data, and business data, security teams are equipped with context-rich alerts to help prioritize incident handling and streamline incident investigation. You can’t respond to threats you can’t see. We can help.

1. Security Operations Center (SOC) Development services help clients with tools, technologies and processes for effective, risk-aligned detection and incident handling, including capabilities for application security and privileged user monitoring.
2. Security Information and Event Management (SIEM) Optimization services help clients leverage SIEM technologies for actionable visibility across the IT environment.
3. Vigilant Fusion Services provide outsourced Security Operations, Managed Regulatory and Threat Detection support. This can include remote management of the client premise monitoring technologies; integration of threat intelligence; development of monitoring for prioritized alerting when applications, business processes, or critical assets may be compromised; and support for threat and incident analysis.
4. Threat Intelligence and Research solutions provide threat data and integration services to automate detection of malicious activity, supported by customized threat research to help companies identify emerging targeted threats and take preemptive action.

Back to top

Given the ever-changing nature and complexity of today's business ecosystems, the technology environments and cyber threat environments, business leaders are beginning to accept that not all cyber incidents can be prevented. Of the cyber-attacks and breaches that do occur, some may become full-blown business crises. How damaging they become could depend, in part, on how rapidly the situation can be analyzed, how decisively leaders take action and how effectively teams interact with customers, media, legal counsel, law enforcement and industry peers. Resilient services help clients be prepared. Don't wait until a cyber-attack happens. We can help.

1. Cyber Crisis Management services help clients develop playbooks, policies and skillsets to support quick, effective cyber incident response.
2. Cyber War-Gaming and Simulation services create environments for teams to rehearse their response to staged incidents, allowing them to develop "muscle memory" and identify areas that may need to be improved in order to prepare for a real-world situation.
3. Disaster Recovery services provide support to enact contingency plans and return technical operations to a normal state following a cyber-attack or other disruption. 
4. Cyber Incident Response Support services dispatch skilled technical and crisis management personnel when an incident occurs to assist in technical analysis, containment and post-incident recovery.

Back to top

It is more challenging than ever to keep pace with leading security practices and technologies, the regulatory landscape, and evolving cyber threats. Selectively outsourcing aspects of the cyber risk program can help contain costs, broaden coverage, provide access to subject matter specialist, and guidance to mature operational capabilities.
Compared to the broad range of companies that focus on standardized programs for managing security devices and technologies, the mission of Deloitte’s managed security services is to deliver higher value offerings that support our clients’ transformation to a Secure.Vigilant.Resilient. cyber risk approach.

Offerings are organized into two areas:

1. Application Management Services help clients manage the security and integrity controls pertaining to enterprise applications, and the underlying infrastructure components, to support key risk and compliance management functions.

2. Vigilant Fusion Services provide outsourced security operations, managed regulatory and threat detection support. This can include remote management of SIEM or other on-premise monitoring technologies; integration of threat intelligence; support for threat and incident analysis; and platform development for advanced alerting when applications, business processes, or critical assets may be compromised.

Back to top

To grow and thrive, organizations are increasingly dependent on their complex technology ecosystems to connect with customers and constituents in new ways, to increase reach and profitability, and to garner data-driven insights for strategic decision-making. But as cyber-attacks occur with greater frequency and severity, board members and executives are becoming aware that technology-based innovations and initiatives also open doors to cyber risks.

Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Deloitte's Cyber Risk Program Development and Governance services support the transition to an executive-led cyber risk program that balances requirements to be secure, vigilant and resilient in line with the risk appetite of the organization.

Services include:

1. Cyber risk and IT security program assessments, conducted on an enterprise-wide basis for specific business areas, provide insight on areas of strength and weakness and guide ongoing investment and organizational transition strategies.
2. Executive cyber threat awareness programs help business leaders gain a better understanding of the cyber risk landscape, including how it may impact their particular organization, and establish cyber risk management priorities.
3. The CISO transition lab is a one-day experience designed to help newly appointed CISOs develop a 180-day action plan to lead the cyber risk program, focusing on management of time, talent and stakeholder relations.
4. Governance, Risk and Compliance (GRC) services help organizations develop practical solutions to achieve better visibility over key components of the cyber risk program, leveraging leading vendor GRC platforms or custom-built solutions.

Back to top