Cyber capability brochure Cybersecurity Today: A fresh look at a changing paradigm for government agencies The cyber domain presents endless opportunities to Federal agencies looking for new ways to deliver on their mission and serve citizens, while reducing operational risk. Government is investing in new and innovative technologies that will empower our nation to achieve more. Next-generation identification systems will reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services. “Smart” electric grids will make the country more energy independent and increase the use of renewable energies. Intelligent travel systems will make air travel quicker and safer. Electronic medical records are improving access to health care and reducing costs. These investments require up-front planning and preemptive cybersecurity practices to mitigate the inherit risks associated with the advance persistent threat. However, operating in the cyber domain is not without increased risk. Our cybersecurity efforts are matched — if not outpaced — by the sophistication on the part of nimble opponents from other nations, cyber terrorists, cyber criminal syndicates, malicious insiders, cyber espionage — not to mention the inadvertent breach. For better or worse, our cybersecurity efforts are increasingly interconnected with agency mission and programs, inextricably linking daily decisions on performance, workforce management, and information sharing with threat deterrence at every level of the organization. By adopting a proactive, performance- focused, and risk-intelligent approach to cyber initiatives, leaders can help shape their organizations into more proactive, agile, and resilient organizations to protect their people, programs, and mission. Cyber: The new normal Cyber is not just a new domain, it is the new normal. Agency leaders have a critical task ahead of them to take a fresh look at their personnel, policies, processes, and systems to synchronize their cyber initiatives and empower collaboration across departments to protect people, programs, and mission. To strengthen their cyber efforts, today’s leaders are helping drive coordination across functions, agencies, and the private sector toward a shared cyber competence that enables the mission while assigning accountability. Here are some actions agencies should consider: Treat data like a monetary asset. • Understand the value of all your agency’s assets and protect what matters most to the mission and preserve the public’s trust. Follow the flow of information• inside and outside of your agency to identify vulnerabilities; strengthen every link in the chain. Do more with identity management.• Identity, Credentialing, and Access Management (ICAM) offers new opportunities to expand partnerships and add services quickly and cost-efficiently. Make cyber a performance goal.• .

1. Cyber capability brochure
Cybersecurity Today:
A fresh look at a changing
paradigm for government agencies
The cyber domain presents endless opportunities to
Federal agencies looking for new ways to deliver on their
mission and serve citizens, while reducing operational
risk. Government is investing in new and innovative
technologies that will empower our nation to achieve
more. Next-generation identification systems will
reduce terrorist and criminal activities by improving and
expanding biometric identification and criminal history
information services. “Smart” electric grids will make the
country more energy independent and increase the use
of renewable energies. Intelligent travel systems will make
air travel quicker and safer. Electronic medical records are
improving access to health care and reducing costs. These
investments require up-front planning and preemptive
cybersecurity practices to mitigate the inherit risks
associated with the advance persistent threat.
However, operating in the cyber domain is not without
increased risk. Our cybersecurity efforts are matched — if
not outpaced — by the sophistication on the part of
nimble opponents from other nations, cyber terrorists,
cyber criminal syndicates, malicious insiders, cyber
espionage — not to mention the inadvertent breach.

2. For better or worse, our cybersecurity efforts are
increasingly interconnected with agency mission
and programs, inextricably linking daily decisions on
performance, workforce management, and information
sharing with threat deterrence at every level of the
organization. By adopting a proactive, performance-
focused, and risk-intelligent approach to cyber initiatives,
leaders can help shape their organizations into more
proactive, agile, and resilient organizations to protect their
people, programs, and mission.
Cyber: The new normal
Cyber is not just a new domain, it is the new normal.
Agency leaders have a critical task ahead of them to
take a fresh look at their personnel, policies, processes,
and systems to synchronize their cyber initiatives and
empower collaboration across departments to protect
people, programs, and mission. To strengthen their cyber
efforts, today’s leaders are helping drive coordination
across functions, agencies, and the private sector toward
a shared cyber competence that enables the mission while
assigning accountability. Here are some actions agencies
should consider:
Treat data like a monetary asset. • Understand the
value of all your agency’s assets and protect what
matters most to the mission and preserve the public’s
trust.
Follow the flow of information• inside and outside of
your agency to identify vulnerabilities; strengthen every
link in the chain.
Do more with identity management.• Identity,
Credentialing, and Access Management (ICAM) offers
new opportunities to expand partnerships and add
services quickly and cost-efficiently.

3. Make cyber a performance goal.• Agencies that can
see what’s valuable to their people and programs will
shorten their learning cycle and drive lasting change.
Break security from its information technology (IT) •
silo. Get everyone — CFO, CHCO, CAO, CIO, CISO,
CTO, program leads, and others — at the table to drive
change in their department.
Adopt a risk-intelligent approach. • A 360-degree
view of your agency’s risks helps all departments make
better decisions, set priorities, manage investments, and
measure results.
Automate wherever possible.• Create a disciplined,
repeatable, control-based approach to reduce
redundancy and rework, and free up employees to
focus on managing the mission.
Cultivate workforce resiliency.• A cyber-sensitive
workplace incorporates role-based cyber training, sets
clear performance expectations, and helps protect
information security and personal safety.
Make room for a new kind of cyber leader. • Look
beyond functional and technology expertise when
vetting new leaders.
Move to a new cyber tempo. • More than just speed,
a cyber-savvy agency is agile — whether it is tackling
changing cyber threats or agency missions.
Cyber innovation. • Utilize the network data within
your own enterprise and fuse it with external cyber
intelligence to improve mission effectiveness.
Deloitte can help
Deloitte is committed to helping government achieve its
mission and performance goals in the cyber domain by
delivering a multidisciplinary perspective that cuts across
strategy, people, process, and technology. Deloitte's cyber
portfolio aligns with presidential mandates on transparency
and accountability to help clients in their efforts to develop

4. both a strong cyber foundation and a proactive cyber
posture.
“Over the past ten years, the frequency and
sophistication of intrusions into U.S. military
networks have increased exponentially. Every
day, U.S. military and civilian networks are
probed thousands of times and scanned
millions of times … Adversaries have acquired
thousands of files from U.S. networks and
from the networks of U.S. allies and industry
partners, including weapons blueprints,
operational plans, and surveillance data.”
— Journal of Foreign Affairs, September 2010
As used in this document, “Deloitte” means Deloitte & Touche
LLP,
which provides audit and enterprise services, Deloitte
Consulting LLP,
which provides strategy, operations, technology, systems,
outsourcing
and human capital consulting services, Deloitte Tax LLP, which
provides
tax services, and Deloitte Financial Advisory Services LLP,
which provides
financial advisory services. These entities areseparate
subsidiaries of
Deloitte LLP. Please see www.deloitte.com/us/about for a
detailed
description of the legal structure of Deloitte LLP and its
subsidiaries.
Security and privacy. • Assessment, remediation,
implementation, and integration solutions to help

5. agencies improve risk and compliance, security
and privacy, IT governance and technology control,
and address the myriad Federal technology-
related regulations and frameworks, including Risk
Management Framework (RMF), Federal Information
Security Management Act (FISMA), ICAM, Homeland
Security Presidential Directive 12 (HSPD-12), and more.
Forensics and Analytics. • Preventive behavioral
analytics-based investigative and forensic tools to
improve agency network operations, develop targeted
defensive strategies, and to secure important data.
Technology. • IT solutions for agency cyber issues,
including cyber situational awareness, cyber command
and control, secure enterprise architecture, and research
and development of new technology innovations.
IT transformation and standardization solutions for
organizations seeking not only to modernize, but also to
establish a resilient cyber operation profile.
Strategy and Operations.• Strategy and transformation
solutions for cyber organizations to stand up new
programs and get existing programs back on track.
Human capital management. • A full range of human
capital solutions to address agency cyber challenges,
including workforce-wide cyber training, culture change,
security workforce organization design, and capacity
building. Our cyber talent diagnostic tool examines an
agency’s existing structure for building cybersecurity
capabilities, identifies gaps across the current and
desired future state, and provides a prioritized road map
for enhancing existing or establishing new cyber talent
strategies and solutions.
Deloitte’s commitment to cyber:
Deloitte was recently selected by the Department •
of Homeland Security (DHS) and DHS Secretary
Janet Napolitano as the “Best Iconic and Overall

6. Structure” award winner for the 2010 National
Cybersecurity Awareness Challenge.
Three-year sponsor of the National Collegiate •
Cyber Defense Competition (NCCDC).
Corporate sponsor of the EastWest Institute (EWI)’s •
Worldwide Cybersecurity Initiative and a leading
sponsor of EWI’s Annual Worldwide Cybersecurity
Summit.
Deloitte has approximately 11,000 security and IT •
risk professionals.
Deloitte has 5,700 Federal practitioners and former •
government executives, including cyber leaders
and innovators widely recognized by government
and the private sector for their contributions to the
advancement of cyber thinking.
Forensics
and
analytics
Technology
Security
and
privacy
Human capital
management
Strategy
and
operations
Cyber

7. • Cyber research and development
• Cyber situational awareness
• Secure enterprise architecture
• Cyber command and control
technologies
• Cyber strategy
• Cyber transformation
• Incident response
• Malware analysis
• Code deconstruction
• Infrastructure assessments
• Financial intelligence
• Threat intelligence
• Secure workforce training and culture
• Security workforce organization
Design and capacity building
• IT risk management
• Operations, threat, and vulnerability
management
• Identity, credential, and access

8. management
• Application integrity
• Business continuity and resiliency
• Privacy and data protection
Copyright © 2010 Deloitte Development LLC. All rights
reserved.
Member of Deloitte Touche Tohmatsu Limited
Recognition from the experts
Top Ranked in Information Security and Risk •
Consulting in 2010 by Forrester
Rated a• Leader in IT Strategy and Planning consulting
in Kennedy Vanguard ITSP Provider Report
Rated • Leader in IT Strategy and Planning by Gartner
Rated • Top Firm in IT Organizational Redesign by
Forrester in 2009
Kennedy Information ranked • Deloitte #1 in Global
Talent Management Consulting (2009)
Top 20 Contractor• according to Washington
Technology’s Top Federal Contractors’ List for 2010
Deloitte’s cyber strategies in action
Deloitte’s specialized mix of private-sector perspective and
public-sector experience helps clients tackle their most
challenging cyber issues. Our multidisciplinary capability
and risk-intelligent approach has helped numerous
agencies with a wide range of missions. Recently, Deloitte
has helped Federal agencies in their efforts to:
Achieve 100% FISMA compliance for 80 plus •

9. information systems to reduce the overall level of effort
and cost of FISMA activities.
Develop and implement an identity and access •
management service to support the business and
application owners for over 400,000 users.
Retrain security personnel in cybersecurity issues, •
helping to protect the confidentiality, integrity, and
availability of $540 million worth of stakeholder
financial data.
Develop a FISMA-compliant IT security program, •
resulting in the certification and accreditation of 32
critical IT systems and becoming the model for other
agencies within the department.
Develop a single enterprise-wide IT cybersecurity •
environment and architecture for use domestically and
overseas, to help identify and control threats.
Establish an enterprise authorization capability to •
improve information sharing across organizations and
communities of interest on the global information grid.
Establish a privilege management system to help •
facilitate policy-based access control capable of
formulating and enforcing fine-grained and dynamic
access decisions.
Let’s talk
With a demonstrated track record of helping public and
private-sector organizations around the world achieve
cyber success, Deloitte has the people, insights, and
experience to help your organization achieve more. How
can Deloitte help you?
Helping clients achieve more
Deloitte continues to invest in resources and tools •
to help our clients accelerate cyber initiatives and
raise public awareness of the importance of cyber
risk issues. These investments include:

10. A global network of 53 security and forensics –
labs, including the Electronic Discovery
Solution
s Center, a 13,000 square foot facility
near Nashville, Tennessee, offering cross-
platform forensic analysis.
Our Center for Federal Innovation, housing –
production-ready services and solutions that
include current technologies and support
real-world deployments in cyber and next-
generation citizen services. The center includes
the Center for Cyber Innovation, dedicated
to the development of strategies for clients
grappling with the challenges of increasingly
vulnerable information networks.
Contact
JR Reagan
Principal, Deloitte & Touche LLP
[email protected]
+1 571 882 5870

11. Lt. Gen. Harry D. Raduege, Jr., USAF (Ret)
Chairman, Deloitte Center for Cyber Innovation
[email protected]
+1 571 882 7300
Amry Junaideen
Principal, Deloitte & Touche LLP
[email protected],
+1 202 220 2664