Skip to main content
Analysis:
Analysis
13 Dec 2016

Deloitte Digital case study: Secure Cyber

Reviewing and strengthening of a current cyber security posture

Before starting a large IT Infrastructure program, the client, a Major Financial Institution in Luxembourg, wanted to review and strengthen its cyber security posture. This project required to conduct an assessment covering people, process and technology dimensions of the client’s current cyber security posture, and define a tailored cyber security target state as well as an actionable plan for improvement and remediation to reach this target.

Solution

The following activities have been performed:

  • Cyber threat landscape: A preliminary step of this project consisted in defining the cyber threat landscape specific to the client (what is the Internet exposure, what are the sensitive digital assets, who might attack and tactics they might use, etc.) as well as the organizational risk appetite;
  • Definition of the “TO-BE” target state: We defined a target state tailored to the client’s cyber threat landscape and market leading practices, notably based on Information Security standards (such as ISO27001) and results of global and local benchmarks. This target state consisted in a detailed cyber security framework identifying required cyber security capabilities;
  • Analysis of the gaps between “AS-IS” and “TO-BE : We assisted the client in measuring its current cyber security maturity (three levels: People, Processes & Technology) through technical assessments and review of organization and processes. Then, we performed a detailed gap analysis between desired “Target State” and “Current State”;
    Definition of corrective actions: We provided the client with a sequenced, structured, clear, and actionable set of correctives actions;
  • Development of a cyber roadmap: We provided a strategic roadmap for improvement where corrective actions were instantiated into detailed and prioritized security projects (including cost benefit-analysis), adjustment to the organization and operating model, etc.  

Impact

Through the outcome of this project, the client gained a clear view of its Cyber security posture and was provided with an actionable roadmap to improve this posture. This project supported the transition to an executive-led cyber risk program that balances requirements to be secure, vigilant and resilient in line with the risk appetite of the client.

More specifically, the client benefited from:

  • a sustainable cyber control framework to tackle current and emerging threats; 
  • an effective and short-term risk reduction program, e.g. the implementation of effective vulnerability management practices aligned with patch management activities, targeted security hardening, etc.
  • Clear guidelines to rationalize security technologies.

Did you find this useful?

Yes
No

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Get in touch

Pascal Martino

Partner | Banking and Human Capital Leader
+352 45145 2119

Patrick Laurent

Partner | ACG Leader & Innovation Leader
+352 45145 4170

Our thinking

Space companies in luxembourg

Space companies: find an idea of which Space companies have decided to have a footprint in Luxembourg, their size and their specialization. We would of course be more than happy to hear your take on the Luxembourg Space sector.
Analysis
5 minute read

Deloitte Digital case study: Create experience

The client is a Private Bank with most of its clients living offshore, thus requiring an easy access to their account information. In that context the Bank intends to further develop their current e-Banking services and improve their overall customer experience.
Analysis
2 minute read

Deloitte Digital case study: Optimize impacts

Recent market developments disrupted the desk’s operations and hindered the implementation of its Affluent client servicing model. In order to keep momentum, the Bank requested assistance to shape and deploy the Affluent client servicing model.
Analysis
3 minute read