Security and Privacy
Each organisation has its own non-transferrable operational requirements, such as protection of intellectual property and client data, providing comfortable and secure access to products and information as well as regulatory compliance.
Our integrated services relating to information and IT security include:
The current technology provides employees with unexpected possibilities. Miniature computers in the form of mobile phones have flooded the world and contribute to achieving unforeseen results. They allow employees to work virtually anywhere and any time, which results in greater efficiency and company profits. However, increasing efficiency and profit also has negative consequences, such as growing security risks resulting from the use of mobile devices in enterprise systems. This risk will multiply if employers are allowed to use their own devices based on different technology.
To be able to face these risks, we may assist you in launching mobile device management providing the following benefits:
- Reducing costs of IT device and service desk operation;
- Increasing the organisation's resistance to attacks from managed devices;
- Ensuring the significant mobility of employees; and
- Increased employee satisfaction.
Pro-active security management detects all vulnerabilities in companies and seeks to prevent external and internal threats. Although it is possible to implement strong mechanisms to control security and protection against external and internal hacking, these mechanisms are never flawless. However, there is a technology controlling and reporting all suspicious activities in the internal as well as external corporate environment. It is not difficult to monitor such activities, or terminate them by system administrators.
Deloitte may assist you in monitoring security incidents, which ensures:
- Pro-active blocking of security incidents to emerge;
- Cost optimisation by preventing outages of critical ICT systems and their investigation;
- Gaining general knowledge of the work of ICT system administrators; and
- Gaining knowledge of the general state of ICT security.
Business continuity management (BCM) involves a process allowing one to overcome disruptions in an efficient manner. Organisations should be prepared for emergency situations to eliminate the impacts thereof and ensure the recovery in the shortest possible time. Concurrently, the organisation's operations cannot be completely discontinued. The primary objective of BCM is to prepare preventive measures to manage emergencies and find alternative processes or other options for continued operation and production. Deloitte can provide you with assistance relating to BCM development and implementation, determining BCM strategy and managing BCM programmes.
Benefits of BCM for your company:
- Enhanced resistance of your organisation to operation and production disruption;
- Reducing impacts of extraordinary events, emergencies and crisis situations;
- Ensuring supplies and dispatching key products in crisis situations;
- Improved trustworthiness of your organisation for clients, suppliers and partners; and
- Compliance with regulatory and legislative requirements (such as Acts Nos. 240/2000 and 458/2000, the Sarbanes–Oxley Act).
The availability of information and access privileges are a two-edged sword. They may facilitate access to new markets, connect you with clients and business partners and increase your productivity and efficiency. However, in relation to the vulnerability of systems processing information, they may expose you to new risks, including unauthorised access to information, breach of confidentiality, loss of intellectual property, denial of service and virus infections. Using penetration tests, we may help you explore the weaknesses of applications and IT systems that could be misused by hackers to violate the confidentiality, availability and integrity of the computer network, which allows companies to deal with these weaknesses.
Penetration testing and vulnerability management may bring the following benefits:
- Infrastructure protection against hacking, misuse of systems and data theft;
- Increasing awareness of the security of operated systems; and
- Protecting the company's reputation and good name.
Information and data currently represent the most valuable assets. Their protection must be a priority for each organisation. Security governance is a comprehensive process ensuring the availability, trustworthiness and integrity of corporate data. A correctly-set security framework defines the compliance with statutory and regulatory requirements, risk management and continuity, operation of security technology and continuous awareness raising among employees and customers in terms of security and protection.
Deloitte may assist you in:
- Building a strategy for the protection and privacy of data;
- Designing a corporate database and data classification map;
- Accepting effective measures and procedures for information security management;
- Training staff and developing awareness-raising programmes;
- Implementing safe cross-border transfers;
- Reviewing third-party control mechanisms;
- Preserving critical data and preventing their misuse;
- Meeting statutory requirements for acquiring specific data;
- Establishing control mechanisms for privacy protection in your IT projects; and
- Managing a wide range of international compliance requirements.
Benefits of establishing security management:
- Acceptable level of information security;
- Confidentiality, integrity and availability of information;
- Employee security awareness;
- Efficient operation of security technology;
- Compliance with regulatory and legislative requirements; and
- Saving funds spent on disaster recovery.
Companies must ensure the availability, confidentiality and integrity of information in their systems. Only regular reviews of safety measures and processes relating to information security may ensure their efficiency, up-to-datedness, completeness and appropriateness. Deloitte may assist you in reviewing the environment at all levels of information systems – application, operating systems and databases, networks and processes.
Benefits of audit and security evaluation:
- Ensuring the state of security, prioritising the security areas for investments;
- Proposing security measures and rectification of identified weaknesses; and
- Security-related advisory services.
It is necessary to manage corporate software in a correct manner, as with any other asset. The incorrect software asset management may result in decreased efficiency of software use or concealed software piracy (expenses in the form of fines, criminal measures against the company's representatives). Deloitte may assist you in the management and optimisation of purchases, and the launching, maintenance, utilisation and elimination of software applications in your environment.
Launching Software Asset Management will result in:
- Prompt and efficient licence verification;
- Cost-saving – the client does not need to ensure tools and staff; and
- Time-saving – creating a unit liable for SAM.
The availability of cloud solutions and a wide range of services provided by vendors bring new opportunities for the optimisation of IT management and operation as well as a number of new issues relating to the security and efficiency of such solution. By using external suppliers, the customer can no longer be sure whether his/her data are really stored and processed as arranged and in the agreed location. It is relevant to ask whether the use of the cloud is cost-effective. An independent review of cloud services provided by Deloitte allows you to find answers to your questions as well as to facilitate the successful implementation of the cloud transformation, starting from the solution selection to the safe implementation.
Cloud Assurance benefits for your company include:
- Business case preparation and cost-effectiveness analysis;
- Assistance in managing cloud transformation projects;
- Verifying localisation and regulations relating to your data and processes;
- Reviewing mechanisms ensuring the availability, trustworthiness and integrity of your data;
- One-time verification or review of suppliers or long-term security monitoring; and
- Implementation of security checks in line with international standards and regulations.
If you are going to centralise the information systems within your group or use external vendors to transfer data from the existing data storage to another global location, Deloitte will be able to assist you in planning and implementing the consolidation process.
- One contact centre for all countries;
- Unification of regulatory requirements from countries affected by the data consolidation;
- Unification of technical and regulatory requirements and a unified solution concept;
- Analysing risks in view of individual solution options; and
- Unified price policy for all affected countries.