Security Risk Assessments

Security risk assessments that add value.

If you’re looking for a security risk assessment, our comprehensive approach ensures you have a complete list of security risks that are easy to understand.

Our Approach

Our approach to assessing risk follows industry frameworks accepted by common compliance bodies such as the Health Insurance Portability and Accountability Act (HIPAA) Office of Civil Rights (OCR), the Payment Card Industry (PCI) Security Standards Council (SSC), and the Center for Medicare & Medicaid Services (CMS). Our approach is outlined below:

Security Assessment Preparation

The first step is always preparing.  This step ensures context for the security risk assessment.  Our preparation usually begins very early in our relationship and includes:

  • Purpose of the assessment
  • Scope of the assessment
  • Any assumptions or constraints
  • Any potential inputs or factors to consider while conducting the assessment
  • The analytic approach

Conducting Security Risk Assessments

The outcome of this step is to provide you with a list of security risks that can be prioritized and used to inform a meaningful risk response.  Completing a risk assessment has many steps and tasks.  Those tasks in summary are:

  • Identify security threat sources that are relevant to your organization or industry
  • Identify threat events that might come from the threat sources
  • Identify security vulnerabilities in your organization that could be exploited by threat sources
  • Determination of the likelihood that threat sources would initiate specific threat events
  • Determination of impact to the organization resulting from the exploitation of security vulnerabilities
  • Determination of actual security risk as a combination of likelihood of vulnerability exploitation and impact of exploitation

Security Risk Assessment Reporting

At the conclusion of the security risk assessment, we report on the results and ensure that you can understand them. Our goal is to ensure that decision makers have the appropriate risk-related information needed to inform and guide risk decisions. In addition to preparing a report, based on the organizational communication style we can also prepare executive briefings, risk memos, or risk dashboards.
