Deloitte's Cyber Risk Capabilities Cyber Strategy, Secure, Vigilant

Deloitte’s Cyber Risk capabilities Cyber Strategy, Secure, Vigilant, and Resilient Contents Home

Foreword

Foreword by Deloitte Cyber Risk Global Leaders 03 Application Protection 20 Cyber Strategy Deloitte’s global network of Identity and Access Management 22

Cyber Intelligence Centers (CICs) 04 Information Privacy and Protection 24 Secure Deloitte’s Cyber Risk awards and recognitions 05

Deloitte’s Cyber Risk portfolio 06 Vigilant 28 Vigilant Advanced Threat Readiness and Preparation 29

Cyber Strategy 07 Cyber Risk Analytics 31 Resilient Cyber Strategy, Transformation, and Assessments 08 Security Operations Center (SOC) 33

Cyber Strategy Framework (CSF) 10 Threat Intelligence and Analysis 35 Contacts Cyber Risk Management and Compliance 11

Cyber Training, Education, and Awareness 13 Resilient 37 Cyber Incident Response 38 Secure 15 Cyber Wargaming 40 Infrastructure Protection 16

Vulnerability Management 18 Contacts 42 Next

2 Foreword Home Foreword

Foreword

Deloitte global network of Cyber Intelligence Centers (CICs) In an era of rapid digital transformation and the Deloitte Cyber awards and recognitions proliferation of ever increasing amounts of data, cyber Deloitte Cyber Risk portfolio End-to-end cybersecurity risk is rising up the priority scale at organizations of all sizes and in all industries. Cyber Strategy

Deloitte’s experience demonstrates This enables us to collectively deliver Nick Galletto that clients implementing cyber risk a large number of projects every Global and Americas Cyber Secure Risk Leader models that anticipate threats not only year in advisory, implementation, deal more effectively with them. They and managed services tailored to the also achieve better business results, precise, individual needs of each client. Vigilant Chris Verdonck reflected in growth in their bottom EMEA Cyber Risk Leader lines. Deloitte’s Cyber Risk practice provides the same exceptional quality of service Resilient Our practitioners provide capabilities in all 14 capability areas showcased in across the four main domains of cyber this document. James Nunn-Price Contacts risk—Cyber Strategy, Secure, Vigilant, Asia Pacific Cyber Risk Leader and Resilient.

Deloitte’s alliances with vendors globally provide access to a range of cyber risk technologies. Next

3 Home Deloitte’s global network of center

Our solutions are supported by Foreword Deloitte’s network of CICs Cyber Intelligence Centers (CICs) Foreword Deloitte global network of Cyber Intelligence Centers (CICs)

Deloitte Cyber awards and recognitions

Deloitte Cyber Risk portfolio End-to-end cybersecurity

Cyber Strategy

Offers solutions that help its clients protect business assets and mature their security posture, Secure while proactively detecting, responding and recovering from security events. These services are delivered through a global network of CICs, which operate around the clock, 365 days a year Vigilant to provide fully customizable, industry aligned managed security solutions including advanced security event monitoring, threat analytics, cyber threat management, and incident response for Resilient businesses to meet the increasing market demand in cybersecurity services.

Contacts

4 Deloitte’s Cyber Risk awards and recognitions Home Foreword

Foreword

Deloitte global network of Cyber Intelligence Centers (CICs) Deloitte ranked #1 Deloitte named a Deloitte named a global Deloitte qualified Deloitte Cyber awards and recognitions globally in security global leader in leader in security professionals Deloitte Cyber Risk portfolio consulting by Gartner cybersecurity consulting operations consulting by End-to-end cybersecurity (fifth consecutive year) by ALM Intelligence ALM Intelligence (2016) Our consultant of all grades hold key professional and industry certifications, such as CISSP, Cyber Strategy Gartner, a technology research ALM Intelligence named Deloitte ALM Intelligence (a research firm, CISM, ISO27001, COBIT, ITIL, company, has once again ranked a leader in Cybersecurity formerly known as Kennedy) CDPP, CEH, and many others. Deloitte #1 globally in Security Consulting in its report entitled notes, “The firm’s emphasis on We have won many awards, Consulting, based on revenue, in Cybersecurity Consulting 2015. aligning SOC initiatives to what including the Global CyberLympics Secure its market share analysis entitled The report notes: “The firm’s matters to the business— for five years in a row. Market Share: Security Consulting notable depth across the breadth including legal and regulatory Services, Worldwide, 2016. This is of the cybersecurity consulting requirements and education on the fifth consecutive year that portfolio coupled with its ability threat actors —makes Deloitte an Vigilant Deloitte has been ranked #1. to effectively communicate and elite firm among its peers when it work with the span of a client comes to building a case for Source: Gartner, Market Share organization (boardroom down investment that resonates with Resilient Analysis: Security Consulting to IT operations) solidifies its business-side stakeholders.” Services, Worldwide, 2016. position in the vanguard.” Elizabeth Kim. 27 June 2017. Source: ALM Intelligence; Security Contacts Source: ALM Intelligence, Operations Center Consulting 2015; Cybersecurity Consulting 2015; © 2015 ALM Intelligence estimates © 2016 ALM Media Properties, LLC. ALM Media Properties, LLC. Reproduced under license. Reproduced under license.

5 Deloitte’s Cyber Risk portfolio Home End-to-end cyber risk services Foreword Foreword

Deloitte global network of Cyber Intelligence Centers (CICs)

More than 10,000 cyber risk professionals globally Deloitte Cyber awards and recognitions

Deloitte Cyber Risk portfolio End-to-end cyber risk services

Cyber Strategy Secure Vigilant Resilient Advise

We help executives develop We focus on establishing We integrate threat data, We combine proven proactive Cyber Strategy a cyber risk program in line effective controls around the IT data, and business data and reactive incident with the strategic objectives organization’s most sensitive to equip security teams with management processes and risk appetite of the assets and balancing the context-rich intelligence and technologies to rapidly Secure organization. need to reduce risk, while to proactively detect and adapt and respond to cyber Delivery models Delivery

enabling productivity, manage cyberthreats and disruptions whether from Implement business growth, and cost respond more effectively to internal or external forces. optimization objectives. cyber incidents. Vigilant

Infrastructure Protection Cyber Strategy, Advanced Threat Resilient Transformation, and Vulnerability Management Readiness and Assessments Preparation Application Protection Cyber Incident Response Cyber Risk Management Cyber Risk Analytics Contacts

and Compliance Identity and Access Cyber Wargaming Manage Management Security Operations Center Cyber Training, Education, Threat Intelligence and Awareness Information Privacy and Protection and Analysis

6 Cyber Strategy Home Foreword

We help executives develop a cyber risk program in line with the Cyber Strategy Cyber Strategy, Transformation, and strategic objectives and risk appetite of the organization. Assessment

Cyber Risk Management and Compliance

Cyber Training, Education, and Awareness

Secure

Vigilant

Resilient

Contacts

7 Cyber Strategy, Transformation, Home

Foreword and Assessment Foreword

Challenges Key solutions Cyber Strategy Organizations increasingly depend on Cyber Strategy, Strategy organizations transform to improved cyber Transformation, and complex technology ecosystems for several Cyber Strategy, governance, security, vigilance, and resilience. Assessment key purposes: to interact in new ways with Roadmap, and Architecture Cyber Risk Management customers and third-parties; to use data to Advise | Implement Cyber Maturity Assessments and Compliance improve decision-making; and to increase Defines cyber strategies, actionable cyber Cyber Security Advise | Implement | Manage Cyber Training, Education, reach and profitability. roadmaps, and reference architectures in line and Awareness with the findings of a maturity assessment. Enables organizations to identify and As cyberattacks become more frequent and Recommendations are based on a defined understand their key business risks and severe, board members and executives are target state that is determined by the cyberthreat exposures. This supports CyberSecure Vigilance seeing that technology-based initiatives open organization’s threat exposure. measurement of their cyber maturity, doors to cyber risks. either using industry-standard frameworks Cyber Target Operating Model or Deloitte’s proprietary Cyber Strategy Vigilant How we can help Advise | Implement Framework. Cyber Resilience Constructs an appropriate target state for Cyber Risk Quantification Our services help organizations establish cyber risk roles, responsibilities, related their strategic direction and structures, and processes, and governance functions. Advise | Implement Resilient develop effective cyber risk reporting. They These take into account the organization’s Provides the information needed to make support the creation of executive-led cyber existing structure, team capabilities, resource security investment decisions. Deloitte uses risk programs. They take account of the client’s availability, and third-party ecosystem. unique methods to quantify both the client’s Contacts risk appetite, helping organizations identify risk and the expected risk mitigation offered by and understand their key business risks and Cyber Transformation Deloitte security investments. cyberthreat exposures. Advise | Implement | Manage Mobilizes, manages, and delivers a structured and prioritized program of work to help Next

8 Cyber Strategy, Transformation, Home

Foreword and Assessment Foreword

Key differentiators Deloitte’s own Cyber Strategy Framework Cyber Strategy (the next page contains details on the framework) Cyber Strategy, Strategy •• The Deloitte Cyber Strategy framework Transformation, and measures cyber posture and threat Assessment exposure. Cyber Risk Management and Compliance Cyber Security •• A leading catalog of good practice Cyber Training, Education, standards for cyber risk, with proven and Awareness success across industry sectors.

CyberSecure Vigilance

Vigilant Cyber Resilience

Resilient

Contacts

9 Cyber Strategy Framework (CSF) Home

Foreword Three fundamental drivers that Foreword drive growth and create cyber risks: Innovation Information sharing Trusting people Cyber Strategy Managing cyber CEO: CIO: Board: “I read about phishing “Where and how much do “What is our level of Cyber Strategy, Strategy risk to grow in the news. Are we I need to invest to optimize resilience against these Transformation, and and protect exposed?” my cyber capabilities?” cyberattacks?” Assessment Cyber Risk Management and Compliance business value Organizations need a holistic, business-driven, and threat-based approach to manage cyber risks. Cyber Security While securing assets is important, being vigilant, and resilient in the face of cyberattacks is imperative. Cyber Training, Education, The Deloitte CSF is a and Awareness business-driven, threat-based Business risks Threat landscape Cyber capabilities approach to conducting Secure Cyber Vigilance cyber assessments based What is my What tactics Take a measured, risk-prioritized Secure business might they approach to defend against on an organization’s specific strategy? What are they use? known and emerging threats A strong cyber business, threats, and What is interested in? Governance risk program my risk Identify top helps drive capabilities. CSF incorporates Vigilant appetite? What are risks, align growth, Vigilant Who are my Develop situational awareness Cyber Resilience my crown investments, a proven methodology to adversaries? and threat intelligence to protects value, jewels? develop an assess an organization’s cyber identify harmful behavior and helps executive-led executives to resilience; content packs cyber risk be on top of Resilient program cyberthreats Resilient which enable us to conduct Have the ability to recover assessments against specific from and minimize the impact of cyber incidents standards; and an intuitive online platform incorporating Contacts a range of dashboards that can be customized for an executive, managerial, and Understand Understand Understand Focus on Define target Develop Enhance Communicate the business my threat current maturity the right maturity level of cyber strategy value from with internal operational audience. context and landscape level of cyber priorities cyber capabilities and roadmap cyber security and external objectives capabilities recommendations investments stakeholders Next

10 Cyber Risk Management Home and Compliance Foreword

Challenges Key differentiators Cyber Strategy Understanding the current status of an Cyber Strategy, •• Mature proprietary methodologies and Transformation, and organization’s security posture requires tools, complemented by vendor alliances. Assessment constant evaluation of evolving risks, Cyber Risk Management security standards, and cyber regulations. •• Strong experience in integrating cyber and Compliance

risk into the broader enterprise risk Cyber Training, Education, Today’s complex and distributed IT management framework. and Awareness landscape and third-party involvement means organizations must take a structured •• Deep knowledge and experience with security control frameworks approach to understanding the road ahead. Secure and regulations. How we can help Deloitte’s diverse experience in managing cyber Vigilant risk and compliance can help organizations: define tailored cyber risk management frameworks; support risk transfer via cyber Resilient insurance; set and implement cyber-control frameworks; and ensure compliance with cybersecurity regulations. Contacts

11 Cyber Risk Management Home and Compliance Foreword

Key solutions Cyber Strategy Cyber Strategy, Cyber Risk Management Security Control Framework Transformation, and Assessment Advise | Implement Advise | Implement Cyber Risk Management Defines framework and methodologies to Defines tailored security-control and Compliance assess cyber risks in order for the frameworks based on best practices as Cyber Training, Education, organization to understand their guiding principles. Develops policies, and Awareness magnitude and make informed decisions procedures, and standards. that align the organization’s risk appetite Third-Party Risk Management with the risks it faces. Secure Advise | Implement Cyber Risk Dashboarding Customizes services at each step of the Advise | Implement | Manage third-party cyber risk management lifecycle. Vigilant Designs and implements risk dashboard Provides end-to-end oversight of the constituents, including Key Risk Indicators third-party risk management program. (KRIs) and dashboards to facilitate effective monitoring of cyber risk from the Security and Regulatory Resilient boardroom to the network. Compliance Advise | Implement Cyber Insurance Assists and prepares compliance with Contacts Advise | Implement national and/or sectoral cybersecurity Evaluates coverage of existing insurance regulations. policies. Determines areas where residual cyber risk could be transferred to an insurer. Next

12 Cyber Training, Education, Home and Awareness Foreword

Challenges Key solutions Cyber Strategy Even with excellent people and technology Cyber Strategy, in place, the organization’s own employees Insider Risk Technical Cyber Training Transformation, and Assessment are the weakest link when it comes to Advise | Implement Advise | Implement cybersecurity. The so-called insider threat is Cyber Risk Management Helps organizations identify, monitor, Delivers both introductory and highly and Compliance real. Building secure defenses against outside and manage the main sources of insider specialized technical training in cybersecurity, threats is not enough if data is leaked from Cyber Training, Education, threat. We help to establish Potential Risk either on-site or through a purpose-built and Awareness within an organization. Indicators (PRIs) and create awareness of online platform. Our catalog of courses the main indicators of maturity in managing covers areas such as: Hacking, Secure How we can help insider risk. Development, Forensics, Reversing, Secure Industrial Control System (ICS) security, Deloitte can help to accelerate behavioral Cyber Security Awareness and Incident Response. change. Organizations that adopt the right Program behavior make themselves more secure, vigilant, Advise | Implement | Manage Certification Readiness Vigilant and resilient when faced with cyberthreats. Understands the current state of a Implement Delivers training to prepare employees Deloitte can help organizations develop company’s awareness level, defines a for qualifications such as Certified Resilient and embed a mature cyber risk culture by strategy, and develops a recognizable Information Systems Auditor (CISA), Certified defining, delivering, and managing programs, awareness campaign, multimedia content Information Systems Security Professional both online and on-site, to improve technical package, and communication tools. (CISSP), and Certified Information Security skills, foster security awareness, and plan Contacts Manager (CISM). other initiatives needed to effect digital transformation successfully.

13 Cyber Training, Education, Home and Awareness Foreword

Key differentiators Deloitte’s own Cyber Cyber Strategy Academy Online Platform Cyber Strategy, •• We deliver online and on-site technical Transformation, and training and awareness programs to Assessment clients and internal practitioners via Cyber Risk Management and Compliance a dedicated Cyber Academy Online Customizable Platform. Cyber Training, Education, and Awareness •• The Academy collaborates with universities and educational institutions Interactive to create expertise and professional Secure performance in the area of Cyber Security, with programs such as a Master’s Degree in Cyber Security among Measureable Vigilant our online postgraduate offering.

•• We work with leadership and learning psychologists, human resources, and Resilient cyber specialists to build and deliver the most effective learning and awareness courses tailored to each audience. Contacts

14 Secure Home Foreword

We focus on establishing effective controls around the Cyber Strategy organization’s most sensitive assets and balancing the need Secure to reduce risk, while enabling productivity, business growth, Infrastructure Protection and cost optimization objectives. Vulnerability Management Application Protection

Identity and Access Management

Information Privacy

Information Protection

Vigilant

Resilient

Contacts

15 Infrastructure Protection Home

Foreword

Challenges How we can help Cyber Strategy Hyper-connectivity is creating a new era for Deloitte has developed a set of services that cyber infrastructure. Ever more connected comprehensively address cybersecurity devices pose new cybersecurity challenges for challenges in the architecture, deployment, Secure public and private-sector organizations as the and maintenance of traditional and new Infrastructure volume of threats to their infrastructure rises. infrastructure and technologies. Protection

Vulnerability Management Devices connected to corporate Deloitte’s security professionals, Application Protection infrastructures need to continuously from diverse architecture, engineering, acquire, store, and use large amounts of data, and operational technology Identity and Access Management a significant proportion of which will backgrounds, are experts across be sensitive. Protecting this data against the evolving infrastructure and Information Privacy cyberattack is of paramount importance. product landscape. Information Protection

Today’s smart cybersecurity protects data Vigilant by using secure data platforms, clear data governance, and smart access protocols such as electronic finger printing. Resilient The development of new technologies will drive exciting innovations in Smart Cities, Smart Factories and the Internet of Things Contacts (IoT) as communication and automation control become ubiquitous.

16 Infrastructure Protection Home

Foreword

Key solutions Key differentiators Cyber Strategy

IoT Strategy, Roadmap, and Network Strategy and •• We offer secure, end-to-end Architecture Optimization solution-transformation capabilities, Secure from vision alignment to the design of Advise Infrastructure Advise | Implement | Manage secure products. Protection Reviews industrial and consumer product Analyzes client infrastructure to identify codes and delivers secure development and remedy the configuration of network Vulnerability Management practices to enhance clients’ capabilities components and help clients design their Application Protection in implementing next-generation network architecture into secure zones. Identity and Access Management connected products. We help organizations Anti-DDoS Attacks undertake readiness assessments, align Information Privacy Advise | Manage their IoT security vision with their overall Information Protection mission and vision statements, build IoT Analyzes organizations’ readiness to defend roadmaps and adapt traditional governance themselves against Distributed Denial models to new IoT developments. of Service (DDoS) attacks. We provide Vigilant cloud-based anti-DDoS protection for Cloud Security infrastructures, websites, and DNS servers. Advise | Implement | Manage Resilient Evaluates client requirements, assesses cloud usage, builds the business case and cloud roadmaps, and assists with Contacts cloud vendor evaluation.

17 Vulnerability Management Home

Foreword

Challenges How we can help Cyber Strategy Businesses rely on a stable and secure IT Deloitte offers the expertise of highly skilled environment as the foundation for driving new security professionals to help organizations digital innovations, and products. identify vulnerabilities. Deloitte’s team Secure works side by side with organizations to Infrastructure New security vulnerabilities are published on a remedy and manage these vulnerabilities. Protection daily basis and hackers are constantly looking Vulnerability Management for ways to gain access to systems and data. Our services include fully managed Application Protection vulnerability assessments from Identifying, managing, and correcting Deloitte’s award-winning ethical hackers Identity and Access Management vulnerabilities in an environment that consists and support in designing, implementing, of multiple applications, systems, and locations and operating vulnerability management Information Privacy is a significant management challenge. systems and processes. Information Protection

Supported by Deloitte’s network of CICs, Vigilant we offer a range of managed solutions including vulnerability assessments, remediation support, and vulnerability management advisory. Resilient

Contacts

18 Home Vulnerability Management center

Our solutions are supported by Deloitte’s network of CICs Foreword

Key solutions Key differentiators Cyber Strategy

Vulnerability Assessments Vulnerability Remediation •• Our professionals include a global pool Implement | Manage Support of award-winning ethical hackers. Secure Uses known hacking methods and Implement | Manage •• We utilize proven Deloitte methods Infrastructure vulnerabilities, tests the security of Configures and manages vulnerability and cutting-edge vulnerability Protection applications and IT systems, and management solutions providing insight management tools. Vulnerability Management achieves increased levels of security. into the business-relevant vulnerabilities Application Protection •• We offer a range of managed solutions Deloitte can undertake this work fully on that matter. including vulnerability assessments, Identity and Access behalf of organizations or complement Management Vulnerability Management remediation support, and vulnerability organization’s internal vulnerability Information Privacy assessment team. Capability Design management advisory. Information Protection Advise Hacking and Phishing Establishes vulnerability management as a Service processes, governance, capabilities, tools, Vigilant Manage and expertise for organizations. Deloitte will Provides regular insight into an enable an organization to identify, manage, organization’s potential vulnerabilities. and remedy issues with the various Resilient Many organizations perform security stakeholders involved in a timely way. tests only once while cyber criminals are constantly seeking to find and exploit new vulnerabilities. Contacts

19 Home Application Protection center

Our solutions are supported by Deloitte’s network of CICs Foreword

Challenges Key solutions Cyber Strategy Applications form a major part of every IT landscape. Ensuring they are protected Enterprise Application Security Secure by Design: requires secure design, implementation, Advise | Implement | Manage Secure SDLC Secure and configuration. Testing of the protection Assesses the current state of an Advise | Implement Infrastructure requires robust processes, dedicated organization’s applications and the Assesses an organization’s software Protection resources, and a skilled team. security controls on the application layers development life cycle (SDLC) to determine Vulnerability Management for enterprise systems. if security is properly incorporated. In Application Protection Many organizations find setting up such addition, we help organizations embed processes and acquiring and maintaining the Source Code Review Identity and Access Secure by Design principles and controls. Management required skills and knowledge to be a major Manage | Implement challenge. Information Privacy Analyzes application source code to Information Protection test for common mistakes. The analysis How we can help can be conducted through one-off application assessments or as an integral Deloitte software security specialists assist Vigilant part of an organization’s software organizations to thoroughly assess the development process. protection level of applications. Resilient With specialized knowledge of a large number of specific applications and secure development methods, Deloitte helps secure Contacts the design, development, and configuration of applications.

20 Application Protection Home

Foreword

Deloitte Application Source code analysis overview Cyber Strategy Security Platform Analysis and validation of sources Weaknesses found 15 21 Secure Source code review activities centralization Infrastructure Advanced reporting capacities 10 Protection Vulnerability Management Real-time activities progress feedback Active Application Protection Vulnerability lifecycle management 5 Managing Identity and Access Multi-vendor support Management 0 CWE and CVSS aligned GAST taxonomy Apr May Jun Jul Information Privacy 13,033 Analysis Validation of sources Information Protection Key differentiators

•• We leverage static application security Top CWEs detected Total analyzed lines Vigilant 12,000 2000 testing technology which enables the 11,522 client to be one step ahead, with 40 10,000 1500 percent portfolio coverage versus five 8,000 Resilient percent portfolio coverage using the 6,000 1000

traditional approach. 4,000 500 2,000 •• We help organizations raise their 687 Contacts 319 104 76 54 45 situational risk awareness and actionable 0 0 CWE CWE CWE CWE CWE CWE CWE 06 08 10 12 14 16 18 remediation insights, empowering them to 398 476 79 89 404 915 117 May May May May May May May regulate application portfolios effectively. Next

21 Identity and Access Management Home

Foreword

Challenges Key solutions Cyber Strategy The traditional network perimeter has faded. In response, organizations are increasingly IAM Drivers Identification and IAM Functionality Design and focusing on user identity assurance and Selection of IAM Investment Preparation for Implementation Secure information access controls. Areas Advise | Implement Infrastructure Advise Formalizes requirements, designs a fitting Protection Identity and Access Management (IAM) Defines the objectives for IAM, such as solution landscape by selecting the most Vulnerability Management provides tools, processes, and methods to enabling new information exchanges appropriate solution set, and transforms the Application Protection enhance the security of online transactions (e.g. low-friction customer registration), organization and its processes to optimize while minimizing friction in the user experience. Identity and Access more efficient compliance demonstration returns on IAM investments. Management IAM also provides a trusted environment for (e.g. risk-focused access reviews), and omni-channel communication between users Information Privacy enhanced controls (e.g. monitoring of IT IAM Platform Deployment (customers, business partners, and employees) Information Protection administrator actions). Implement and IT platforms. Makes the IAM vision a reality by Current State Assessments implementing IAM solutions to support Vigilant for IAM Components How we can help your IAM processes with Deloitte key Advise Identity and access are two of the key technology partners (SailPoint, OKTA, Assesses the current maturity of CyberArk, and ForgeRock). elements that underpin digital commerce and Resilient IAM-related controls and pinpoints automated business processes. Deloitte has Reach of IAM key improvement areas. established proven methodology to guide Platform Extension clients through the full IAM program lifecycle, Manage Contacts from defining a clear vision and strategy for secure access to information assets, to the Integrates business applications with the actual deployment and operation of IAM IAM platform to increase the reach of platforms, and integration with IT platforms. automated controls. Next

22 Identity and Access Management Home

Foreword

Key differentiators Identity and Access Management components Cyber Strategy

Access •• Business and user-centric view of Users control IAM as part of Deloitte DNA. Business Secure ERP partners •• Experience of global best practices Infrastructure and IAM solution architectures. Protection Contractors CRM Vulnerability Management •• Close solution partner network Application Protection with major IAM capability providers. Customers SCM Identity and Access Management

Information Privacy Employees Portal Information Protection Enter user ID admin requests Create, update, Vigilant Identity and retire governance & user IDs Master data administration Access IAM management connectors User ID Approver BU admin Resilient 1 HR

Auditors BU Identity Identity Report Contacts Provisioning 1 HR intergration repository engine Resource Audit owners reports Next

23 Information Privacy Home

Foreword

Challenges Key solutions Cyber Strategy Organizations need to be able to use, analyze, and share their data while ensuring Privacy/GDPR Maturity an extensive toolkit including privacy impact compliance with invasive regulatory Assessments and Roadmap assessments, GDPR/Data Protection Officer Secure control and customer/employee privacy (DPO) helpdesk, GDPR stress testing, data Advise | Implement Infrastructure expectations. inventory, and data mapping. Assesses and identifies the current state Protection of an organization’s GDPR readiness. This International Data Transfer Strategy Vulnerability Management Greater reliance on effective data use, includes a prioritized and risk-based roadmap and Implementation Application Protection combined with increased regulation and that clearly identifies actionable mitigating control requirements, such as General Data Advise | Implement Identity and Access measures and short-term fixes. Management Protection Regulation (GDPR), puts significant Assesses and builds a contractual, regulatory, operational pressure on organizations. Privacy/GDPR Strategy and and operational framework for international Information Privacy Transformation Program data transfers. Includes guidance from start Information Protection This requires a holistic and integrated data Advise | Implement to finish related to, Binding Corporate Rules privacy approach to an environment that is (BCR) applications and implementation, allowing Builds a holistic and tailored transformation Vigilant often highly segmented. the effective sharing of personal data across program in close partnership with organizations. borders. We help organizations incorporate fit for purpose privacy solutions in their DNA. How we can help Privacy/GDPR training and Awareness Resilient With an excellent track record in turning Privacy by Design/Managed Implement privacy-related challenges into tested, Services (e.g. Data Protection Offers tailored GDPR awareness and training, modular, and pragmatic solutions, Deloitte Officer as a Service) on-site or via e-learning/classroom formats, Contacts is dedicated to supporting organizations in using, for example, the Deloitte Privacy Advise | Implement | Manage navigating privacy risk. Academy, and covering both GDPR compliance Provides hands-on, technology-enabled and its operational/technical implications. services and controls, using best practices, Next

24 • • Key differentiators Key • • in-depth data protection knowledge. protection data in-depth and tools privacy integrating hands-on, and holistic is methodology Deloitte solutions. privacy/GDPR data tailored ensures and experience GDPR tested and in-depth team has international integrated highly Our Information Privacy maturity model maturity protection Data and Privacy Information Customer trust Transparency 1. None according tomost Actual maturity organizations 2. Compliance 3. Riskaware 4. Governanc e accountability

5. Customer centricity Contacts Resilient Vigilant Strategy Cyber Foreword Home Information Protection Information Information Privacy Management and AccessIdentity Protection Application Management Vulnerability Protection Infrastructure Secure

25 Home Information Protection center

Our solutions are supported by Deloitte’s network of CICs Foreword

Challenges Key differentiators Cyber Strategy Organizations are expected to keep personal and corporate data confidential, yet data •• Team of experts who are technically breaches still occur. These can result in certified and experienced in complex Secure financial loss, regulatory sanction, and programs. Infrastructure reputation damage. Protection

Vulnerability Management Common challenges are identifying Application Protection organization’s business critical information and ensuring it is adequately protected Identity and Access Management in a world where the quick exchange of information is integral to business success. Information Privacy Information Protection How we can help We offer organizations access to market- Vigilant leading technical, business, and operational expertise to help them make informed decisions about their data. Resilient

Deloitte solutions cover the broad challenge of information protection, including risks arising Contacts from people and processes, as well as from technology.

26 Information Protection Home

Foreword

Key solutions Cyber Strategy

Data Loss Prevention (DLP) Information Classification Advise | Implement | Manage Advise | Implement Secure Assists in identification, monitoring, and Helps with integration and implementation Infrastructure protection of data in motion, at rest, of classification technology and programs. Protection in use, and in the cloud. Vulnerability Management People Risk Data Mapping and Data Application Protection Inventories Advise Identity and Access Advise | Implement Management Enables improved security awareness and culture, and understanding of insider threats Assists in understanding where data exists Information Privacy focused on protecting sensitive data. and how it is handles across the data Information Protection management lifecycle through data flow Cryptography diagrams and data inventories. Advise | Implement Vigilant Allows business integration and Privacy by Design implementation of enterprise key Advise | Implement management, rights management, and Enables the embedding of privacy into Resilient encryption solutions. the design and day-to-day operation of information technologies and business Data Governance practices; organizations can obtain Privacy Contacts Advise | Implement By Design Certification from Ryerson Enables monitoring of access activity and University leveraging Deloitte’s certification improved visibility of risks to stored data assessment framework. across the business. Next

27 Vigilant Home Foreword

We integrate threat data, IT data, and business data to equip Cyber Strategy security teams with context-rich intelligence to proactively Secure detect and manage cyberthreats and respond more effectively to cyber incidents. Vigilant Advanced Threat Readiness and Preparation

Cyber Risk Analytics

Security Operations Center

Threat Intelligence and Analysis

Resilient

Contacts

28 Home Advanced Threat Readiness center

Advanced Threat Readiness and Preparation services are Foreword and Preparation driven by and fed with the latest Cyberthreat Intelligence. Based on Deloitte’s world-wide network of CICs, we can follow and analyze the latest trends and attacks and use this information to generate realistic and up-to-date view of the organization’s threat landscape. Challenges Key solutions Cyber Strategy Threat techniques evolve daily in volume, intensity, and complexity as hackers seek new Advanced Threat Threat Readiness Advisory and vulnerabilities in software to compromise key Simulation / Red Teaming Remediation Secure systems across organizations. Advise | Implement Advise | Implement | Manage

Helps most mature organizations deal Carrying out occasional, intermittent Simulates comprehensive cyberattack with advanced threats guiding improvements Vigilant compliance-focused technical security that tests the organization’s prevention, of ROI on existing detection technologies. assessments is not enough. Much more is detection, and response mechanisms Advanced Threat By improving interaction between systems, Readiness and Preparation required to understand if organizations can and incorporates three core elements applying realistic use cases, and staff training. become compromised. of security: physical, cyber, and human. Cyber Risk Analytics The red team will perform realistic Cyber Compromise Assessment Security Operations Center attack scenarios to achieve predefined Advise | Manage Threat Intelligence How we can help objectives, using social engineering, and Analysis Deloitte helps organizations assess and phishing, physical penetration testing, Examines an organization’s network to prepare their IT infrastructure, software, and and network exploitation. identify potential compromised devices by third-parties by combining traditional ethical monitoring for malicious network traffic and Resilient Purple Teaming hacking principles and technical security suspicious network activity. Advise | Implement reviews with advanced services in which we EDGE: Emerging and Disruptive adopt a similar approach to that of an attacker. Combines a non-covert red team Technologies Evaluation Contacts engagement with a hybrid blue team made Advise Our services allow organizations to leverage up of Deloitte and the organization’s any detection or response-mechanisms security experts. Deloitte runs through Carries out security evaluations for already in place, augment these where realistic scenarios to test and verify new technologies and paradigms, helps necessary, and most importantly, ensure all detection and response capabilities. organizations to anticipate security risks systems work together seamlessly so that the associated with their newly-adopted Next whole is greater than the sum of its parts. technologies. 29 Advanced Threat Readiness Home and Preparation Foreword

Key differentiators Identify the weakest link with Cyber Strategy Deloitte Red, Blue, and Purple teaming •• With the Deloitte service-delivery model, organizations benefit from seamless Secure integration with their vulnerability lifecycle management tasks.

•• Our advanced services enable Vigilant

organizations to address emerging Advanced Threat threats from new and disruptive Readiness and Preparation

technologies. Cyber Risk Analytics •• We work with the latest open-source Security Operations Center and commercial technologies and can Threat Intelligence work with any technology an organization and Analysis might already have deployed. Resilient

Contacts Physical Human Cyber

30 Home Cyber Risk Analytics center

Our solutions are supported by Deloitte’s network of CICs Foreword

Challenges Key solutions Cyber Strategy The greatest challenge organizations face today is the sheer abundance of threats, Social Listening and Analytics SIEM Intelligence which makes it difficult to focus on those that Advise | Implement | Manage Advise | Implement Secure pose the highest immediate risk. Empowers organizations to do more than Improves SIEM services by assessing merely react to social media. We enable an organization’s SIEM and analytics How we can help them to protect themselves, leverage maturity and governance. We design Vigilant opportunities, and learn the risks from a SIEM evolution roadmap, and design Deloitte’s Cyber Risk Analytics services Advanced Threat these sources. and develop use cases, as well as assist use advanced methods to analyze current Readiness and Preparation in SIEM provisioning. cyberthreats and determine which are Monitoring and Correlation Cyber Risk Analytics relevant and have the highest potential impact Implement | Manage Security Operations Center on strategic business objectives. Threat Intelligence Enables organizations to view what and Analysis is happening in cyberspace through Our cyber risk analytics services are built advanced analytics. Either through around leading monitoring and correlation monitoring and correlation of events, log tools within the security information and event Resilient collection with Deloitte Managed Security management (SIEM) and behavioral analytics Services (MSS) platforms, or through Cyber markets. We employ various concepts, Risk Analytics and behavior analytics from log collection and correlation to Contacts tools deployed on-site. We manage all behavioral analysis. events 24/7, using the Deloitte Security Operations Centers. Armed with this information, organizations can focus resources on maintaining their desired security levels at minimum cost. Next

31 Cyber Risk Analytics Home

Foreword

Key differentiators Social Listening and Analytics Cyber Strategy throughout the organization •• A flexible, remotely managed service as well as an on-site delivery model. Secure

•• Rapid deployment of Managed Security Services (MSS) with no setup costs. UX Marketing Vigilant •• Broad experience with use cases and specific monitoring tools across a range Advanced Threat Readiness and Preparation of industries. Cyber Risk Analytics

Security Operations Center

Threat Intelligence and Analysis

Resilient

Contacts Security HR

Digital Communication

32 Home Security Operations center

Our solutions are supported by Center (SOC) Deloitte’s network of CICs Foreword

Challenges Key solutions Cyber Strategy Organizations need to develop their information security capabilities, to respond 24/7 Security threat monitoring SOC Cyber Security Dashboard faster, work more efficiently, and protect their Advise | Implement | Manage Advise | Implement | Manage Secure core business. To achieve this, it is imperative Offers a flexible and easily scalable service Defines and develops cyber risk metrics, that they have a mature SOC capability. in which a team of certified analysts indicators, and dashboards to provide work 24/7 to detect malicious activities. insight into the operational effectiveness Vigilant Specialist skills and technology platforms are Deloitte professionals operate and of the SOC. essential. Organizations often find it difficult Advanced Threat manage security information and event Readiness and Preparation to build, maintain, and resource a SOC. management (SIEM) platforms allowing Cyber Risk Analytics threat-hunting capabilities. Security Operations Center

How we can help SOC Capability Design and Threat Intelligence We provide managed SOC services, on-site Deployment and Analysis and hosted, which integrate event monitoring Advise | Implement and correlation with threat intelligence and a business-focused output. We also advise Assesses the people, process, and Resilient organizations on design and deployment technology aspects of an organization’s of their own SOC, and can help them establish SOC. Uses industry best practices to and develop their capabilities. design and deploy a tailored SOC solution. Contacts This enables organizations to identify and respond to the most severe threats they face.

33 Security Operations Home Center (SOC) Foreword

Key differentiators Deloitte’s 24/7 alert Cyber Strategy management approach •• Deloitte’s SOC is part of the CMU CERTNetwork, certified in ISO22301 Alert Secure and ISO27001. detection

•• Deloitte’s CICs benefit from numerous intelligence sources. Vigilant Monitoring insider threats, Advanced Threat applications, devices Readiness and Preparation Cyber Risk Analytics

Security Operations Center 24/7 alert management Threat Intelligence SIEM & analytics and Analysis

Security Resilient 24/7 recommendations Contacts

CyberSOC desk ticketing system

Specialists Next

34 Home Threat Intelligence center

Our solutions are supported by Deloitte’s network of CICs. Foreword and Analysis Intelligence sharing among CICs allows us to be aware of threats across different regions and businesses so that Deloitte is able to provide unique, valuable, and fresh information to clients. Challenges Key solutions Cyber Strategy Understanding the cyberthreat landscape is difficult as threats are continuously evolving. Cyberthreat Intelligence Threat Modeling Advise | Implement | Manage Advise | Implement | Manage Secure An integral approach to identifying threats Looks for potentially threatening events Identifies assets, threat actors, vulnerabilities, requires significant resources to gather, taking place outside the organization’s targets, methods, and associated filter, and interpret threat information from perimeter and provides custom insights in countermeasures to prevent or mitigate the Vigilant a wide variety of sources. line with the organization’s strategic and effects of potential threats on an organization. Advanced Threat intelligence requirements. Readiness and Preparation Cyber Trend Report How we can help Cyber Risk Analytics Forecasting Emerging Threat Advise | Manage Deloitte’s Threat Intelligence and Analysis Security Operations Center Manage Illustrates how threat actors work through services offer monitoring, collection, and Forecasts emerging threats, enabling a compilation of relevant threats across a Threat Intelligence analysis of events that may become threats and Analysis organizations to adapt their security set period of time and provides statistics, to your organization. methods and policies to future threats. trends and a summary of the organization’s cyberthreat landscape. Resilient Deloitte’s services provide actionable Intelligence Collection Grid intelligence that supports proactive defense Manage against potential cyberattacks and incidents. Collects and stores intelligence events Contacts from multiple sources around the globe and over time prevents, investigates, and forecasts threats.

35 Threat Intelligence Home and Analysis Foreword

Key differentiators Cyberthreat Cyber Strategy Intelligence 24/7 •• We provide a tailored Threat Intelligence service, not as a feed or a tool. Actionable Secure intelligence is properly distributed to prevent or mitigate threats that target the client’s business. Indexed Monitor Cyber Vigilance internet feeds, crawlers, •• Our experienced analysts undertake manual searches Advanced Threat research, analysis, and validation Readiness and Preparation

of threats. They are also at the Cyber Risk Analytics organizations disposal to attend to Security Operations Center specific intelligence requests that can arise throughout time. eCrime Threat Intelligence and Analysis Inﬁltration, networks hacking, carding, and hacktivism Resilient forums

Contacts

Deep web

36 Resilient Home Foreword

We combine proven proactive and reactive incident Cyber Strategy management processes and technologies to rapidly adapt Secure and respond to cyber disruptions whether from internal or external forces. Vigilant

Resilient

Cyber Incident Response

Cyber Wargaming

Contacts

37 Home Cyber Incident Response center

Our solutions are supported by Deloitte’s network of CICs Foreword

Challenges Cyber Strategy Cyberthreats are constantly evolving and increasing in volume, intensity, and complexity. Key solutions Cyber crisis management has therefore become Secure a major focus of management and the board. Cyber Crisis Management IT Resilience and Recovery Advise | Implement | Manage Advise It has become more likely that an attack can Assists your executive leadership to Provides support in enacting your Vigilant penetrate an organization’s defenses and security improve their strategic crisis management contingency plans and returning technical controls. When this happens organizations must decision-making capabilities, helping them operations to a normal state after a respond fast, thoroughly, and decisively. respond effectively to a large-scale crisis cyberattack or other disruption. Resilient event and emerge stronger. We have one of the largest, most respected teams Breach Notification and Response Cyber Incident How we can help Response of crisis and continuity management Advise | Implement Deloitte’s services provide organizations with a set professionals in the world. Cyber Wargaming of operational and strategic cyber capabilities in a Provides analysis and guidance for notification and response based on new single comprehensive solution, from preparation Cyber Incident Response to 24/7 real-time implementation and response. regulations which require specific responses Contacts Advise | Implement | Manage from organizations following a data breach. Deploys the Deloitte Cyber Incident We can help organizations to improve their Cyber Forensic Services cyber response capabilities, establishing a high Response team 24/7, enabling clients to Advise | Implement | Manage level of readiness through effective preparation, respond effectively and decisively to a training, and simulations. We provide real-time, cybersecurity incident. Deloitte specialists Investigates cybercrimes to determine the on-site, and 24/7 support for a cyber incident have experience dealing with a vast range nature, extent, means, and origin of an or crisis that could harm strategic objectives, of cyberthreats. incident. This supports organizations in any revenue, reputation, or viability. legal actions they may need to take. Next

38 Cyber Incident Response Home

Foreword

Our services are supported by the Deloitte Cyber Strategy Key differentiators network of CICs, providing 24/7 support with a dedicated Deloitte cyber response •• Deloitte’s experience in incident and ‘front office’. We shorten response times by crisis management minimizes the time leveraging Deloitte’s geographic breadth and Secure and resources needed to resolve depth. an emergency.

•• Deloitte’s understanding of business By dialing a regional Deloitte Response Vigilant and risk allows us to respond to incidents number, a client will immediately be from both a technical and a strategic connected to the integrated platform for all cyber crisis management services within perspective. Resilient Deloitte. Cyber Incident Response

Cyber Wargaming

Contacts

39 Cyber Wargaming Home

Foreword

Challenges Key solutions Cyber Strategy Organizations are not prepared to counter cyber crime unless they have been tested. Cyber Workshop prevention of, response to, and recovery An incident and crisis management response Advise from a cyber incident or crisis. Secure framework is not enough. Increases awareness and supports the Cyber Simulation Exercise development of cyber crisis management Organizations must test their defense plans plans, procedures, roles, and responsibilities. Advise | Implement Vigilant regularly if they are to be confident about They focus on detailed discussion of an Rehearses or stress-tests existing plans their ability to respond effectively to threats. unfolding pre-prepared scenario, often split and procedures against complex and multi-faceted cyber incidents or crises. into key incident/crisis response phases. Resilient How we can help We also run more technical ‘Breach Exercises are designed to take place in Readiness Workshops’ to help validate, a realistic, real-time, and ‘live’ controlled Cyber Incident The Deloitte Wargaming portfolio of services Response check, and challenge existing response environment – often involving multiple creates an environment for client teams to processes and playbooks. levels of an organization operating Cyber Wargaming simulate incidents and crises, allowing them to remotely on a global scale. They unfold develop coordinated responses and identify Cyber Table-Top Exercise through a variety of pre-prepared so- areas that need improvement in order to Contacts called ‘injects’ delivered by role players prepare for a real-world threat. Advise and experienced exercise facilitators. Guides teams in reviewing plans and Participants are immersed in the pressure These exercises are particularly relevant for processes, and practice their roles and of a real cyber-related crisis. cyberthreats that have the potential to turn into responsibilities. The exercises often focus a major corporate crisis, requiring a coordinated on sharpening specific skills (such as response from the communications and logging, conducting risk assessments, and corporate affairs functions, the board and rehearsing decision-making processes) non-executive directors. and identify opportunities to improve the Next

40 Cyber Wargaming Home

Foreword

Key differentiators Cyber Wargaming approach Cyber Strategy

•• Deloitte’s capability has been built Prepared through years of practical experience, Secure delivering hundreds of simulations at board, executive, and operational levels.

•• We use scenario-specific subject matter Vigilant experts, from within the organization or Deloitte, in order to tailor highly realistic scenarios in the organization’s own Resilient operating environment. Rehearsed Cyber Incident •• We use innovative simulation and Response wargaming techniques to engage and Cyber Wargaming challenge senior participants and get them thinking about ‘what keeps them Aware up at night’. This helps them to answer Contacts the questions often asked by key stakeholders, including customers

and regulators: Preparednes s - Are you and your organization ready to Cyber workshop Cyber table-top exercise Cyber simulation exercise deal with a cyber crisis? - Are your people clear of their roles and responsibilities during a cyber crisis? Next

41 Contacts Home

Foreword

Nick Galletto Cyber Strategy Global and Americas Cyber Risk Leader [email protected]

Chris Verdonck Secure EMEA Cyber Risk Leader [email protected]

James Nunn-Price Vigilant Asia Pacific Cyber Risk Leader [email protected]

Resilient

Contacts

Next Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www. deloitte.com/about to learn more about our global network of member firms

Deloitte provides audit & assurance, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500 ® companies through a globally connected network of member firms in more than 150 countries and territories bringing world-class capabilities, insights, and high-quality service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 245,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.