Security Risk Assessments
Security risk assessments that add value.
Security Assessment Preparation
The first step is always preparing. This step ensures context for the security risk assessment. Our preparation usually begins very early in our relationship and includes:
- Purpose of the assessment
- Scope of the assessment
- Uncovers any assumptions or constraints
- Any potential inputs or factors to consider while conducting the assessment
- Identify the analytic approach
Conducting Security Risk Assessments
The outcome of this step is to provide you with a list of security risks that can be prioritized and used to inform a meaningful risk response. Completing a risk assessment has many steps and tasks. Those tasks in summary are:
- Identify security threat sources that are relevant to your organization or industry
- Identify threat events that might come from the threat sources
- Identify security vulnerabilities in your organization that could be exploited by threat sources
- Determination likelihood that threat sources would initiate specific threat events
- Determination of impact to the organization resulting from the exploitation of security vulnerabilities
- Determination of actual security risk as a combination of likelihood of vulnerability exploitation and impact of exploitation
Security Risk Assessment Reporting
At the conclusion of the security risk assessment we report on the results of the risk assessment and ensure that you can understand the results. Our goal is ensure that decision makers have the appropriate risk-related information needed to inform and guide risk decisions. In addition to preparing a report, based on the organizational communication style we can also prepare executive briefings, prepare risk memos, or risk dashboards.
Recent Blog Posts
By: Justin Fimlaid In my previous post there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leader and go-to in developing a security program. The NIST Cybersecurity Framework is broken down into...
By: Scott Mosher As business needs change and technology advances, partners have taken on larger roles within organizations. Because senior-level management must produce more with fewer internal resources, they seek to increase productivity while reducing cost within...
By: Jeff Bamberger Now that you have decided to create/configure your business to accept credit cards as one form of payment for the goods or services you offer to your customers, you may be curious what impact that decision will have on your business operations. ...