Threat Risk Assessment
Business Issue: Organizations need to understand, qualify, and quantify the threat that security risks pose to them today. Understanding this will enable organizations to take precautionary measures to limit their exposure to such risks.
SOLUTION:
Approach: We will begin by identifying your information assets and the impact that loss, damage or compromise of those assets could have on your business. The assessment will also include a review of all existing IT services and information repositories. The major threats and vulnerabilities facing the organization will be identified and prioritized to assist in planning the most effective means to protect the assets and improve overall security. This information will be collected using our enhanced methodology as follows:
Information Gathering: Assessing risks for an IT system requires a thorough understanding of the system environment. This initial stage of the project clarifies the scope of the assessment and characterizes the system environment, using information-gathering techniques to solicit information that is relevant to your environment.
Threat Identification: Once the essential elements of your IT system scope, operational boundaries, and assets have been determined, potential threat sources (agents) will be identified and classified according to their potential to cause harm.
Vulnerability Identification: A potential threat to an IT system only becomes a risk if the threat is capable of exercising a flaw or weakness in the security design, implementation or procedures of a system. Vulnerabilities can take many forms, from the risk of water damage to flaws in applications that may allow an intrusion or unauthorized access to occur.
Control Analysis: The likelihood of a potential vulnerability being exercised by a given threat depends on the effectiveness of any current or planned security controls within the environment. These may take the form of technical security controls incorporated into IT systems or non-technical methods that are procedural or policy-based in nature.
The next step in the risk analysis process examines the relationship between threats, vulnerabilities and any current or planned security controls. By pairing “threat-actors” with controls designed to mitigate them, the likelihood that a given vulnerability will pose a risk can be determined.
Risk Analysis: The goal of the Risk Analysis stage is to assess the level of risk from identified threats, vulnerabilities and current control mechanisms. The potential for risk will be determined based on the likelihood of a given threat exercising an identified vulnerability, the magnitude of impact, and the adequacy of current controls.
Control Recommendations: The risk assessment process results in control recommendations and alternative solutions intended to reduce risk to an acceptable level. By establishing the level of risk associated with the threat-actors, we identify controls, or any required modifications to the existing control mechanisms, that could mitigate or eliminate the risk. These form the control recommendations that serve as input to subsequent phases of the organization's risk management process.
Results Preparation: Identified risks and recommended controls to mitigate them will be organized into an action plan divided into areas, costs and risks. This plan will also recommend tools, improved processes, and the development of new policies or the modification of existing ones. The plan will be constructed based on what we see as the areas requiring priority attention.
Contact us! If you would like to know more about how we are assisting clients with Threat Risk Assessments, then contact us at 1-877-824-4412 or via email.