Deloitte Control Intelligence (DCI) and Information SecurityWe provide you with the tool for managing your security level and mitigating actions

Deloitte Control Intelligence (DCI) and Information SecurityEfficient protection of information and data is vital for all modern companies, includ-ing yours. We know that the threat landscape is changing at an accelerating pace, and that companies have an ever-increasing focus on protecting business critical infor-mation and data in a way that effectively and flexibly meets the company’s need for protection. Let us help you achieve this through effective management of the risks and mitigating actions.

There is no direct connection between the size of an organisation and its need for se-curity. Different organisations have different needs. Large organisations may need less security than small ones, and the same or-ganisation may have different security levels for different data sets. But they all have the following needs in common:

• To ensure that management - at all times - has a realistic overview of the risk scenarios based on real threats, probability of security breaches and the related consequences for the organisation

• To ease the work with identifying, imple-menting and performing security controls and other mitigating actions that are neces-sary in order to achieve the chosen security level

• To create a foundation for the control environment based on uniform and specific criterias that also help internal and external audit and other regulatory authorities to perform their duties.

Risk heat-map for information security risksMost organisations, public as well as private, are gradually becoming aware of the needs for information security, especially from the

many cases related to breach of data, which have become publicly known over the past years. Data breach has affected all industries across the board.

More than ever, companies all over the world are dependent on the ability to access information and systems freely

It all revolves around risk. Therefore, it is fundamental to have a good tool that maps your risks and visualises the concrete threats that your company faces. E.g. the risk of unauthorized changes of confidential information, risk of external penetration into the company’s systems etc. When you have a clear picture of your risks, then it is easier to identify controls and other actions that will mitigate these threats and risks. This will improve your protection greatly and result in improved transparency.

Consequence

Likelihood

Unacceptable

Critical

Annoying

Immaterial

Unlikely Less unlikely Likely Expected

1

2 3

”Numerous cases concerning serious breach of data, which resulted in loss of large quantities of sensitive personal data, has led to call into question the overall quality of information security”.

and 24/7, and to be able to trust that the data and infor-mation that the company’s work is based on are true, and that data and information are not leaked to competitors and the media.

It is costly if data and informa-tion are no longer accessible, trustworthy, confidential and protected against unautho-rised changes. At worst a company’s competitive advan-tage and reputation can suffer greatly if data and information fall into the wrong hands.

Deloitte Control Intelligence and Information Security | 2017

Use DCI to secure your companyRequirements for information security have never been more important. It requires greater management of security risks and tight follow-up on the performance of the controls that are going to secure your company’s information. It can be challenging to establish an overview and effective monitoring, but it does not have to be.

Deloitte Control Intelligence (DCI) provides the tools for securing your company’s most important asset: Information. Discover how the DCI “In-formation Security Module” can support your company, and how we can help you. Based on your organisation and your needs, you define the extent of the monitoring – and in addition we can inspire you through our best practice catalogue that can help you identify security controls.

The status of all security controls and other mitigating actions can be monitored and visualized, which will give you the best foundation for making decisions.

You can thus benefit from an effective tool for risk evaluation, measurement of the maturity level of controls as well as the monitoring of specific risks and controls. In addition, you can archive documents such as security policies, rules, guides and educational ma-terials in DCI’s add-on module “Policy Management”, which gives you an integrated solution, where such can be updated on an ongoing basis at the same pace of changes in the threat landscape, arising of new technologies etc.

In this way information security be-comes practical, tangible and easier to manage.

You obtain an overview of the organisation’s security level. It makes it easier to convince the organisation’s management that the required investments are necessary, tell “the good story” to the organisation’s employees, which can be used to justify investments, overcome cultural challenges (“why do we need all this security?”) and contribute to increasing the awareness about security among the organi-sation’s business partners.

However, many companies find that informa-tion security is an immense and confusing task that is expensive and difficult to manage and, on top of that, it is also complicated and time consuming. However, this is often because the company lacks the proper tools to support risk management and controls. As a result the company often ends up losing track, and the risk level of the entire organisation is thereby increased. Deloitte Control Intelligence puts an end to all this. By increasing the focus on the opportunities that the tool gives you to automate, you will increase important and highly competitive parameters through intelligent management of your company’s information security risks and controls throughout their life cycle.

Deloitte Control Intelligence and Information Security | 2017

Kristina Wiese TranbergDirectorMobile: + 45 30 93 53 25E-mail: ktranberg@deloitte.dk

Ole William IngelssonManagerMobile: +45 30 93 65 19 E-mail: oingelsson@deoitte.dk

About DeloitteDeloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 225,000 professionals, all committed to becoming the standard of excellence.Deloitte Touche Tohmatsu Limited

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

© 2017 Deloitte Statsautoriseret Revisionspartnerselskab. Member of Deloitte Touche Tohmatsu Limited

Contacts