Risk Assessments provide the pillar to manage Risk and provide recommendations that drive security strategy in an organisation.
Companies wanting to improve security should conduct a risk assessment to understand their risk their to drive how their security needs to be improved.
It identifies all physical, soft and virtual assets.
It provides mitigations, and analysis of residual risks.
This helps the company to understand the costs of assessing, quantifying and mitigating risks and maintaining information security going forward.
Our risk assessments give visibility and justification to top management.
We involve Management of the organisation in scoring and determining the financial impact of different attacks. These gives them first hand experience of the state of security. This will help them understand the importance and prioritisation of mitigating areas of concern.
Assets and discovery: We draw full list of physical and virtual assets; hardware, networks, virtual networks, virtual servers, cloud services, wireless networks, leased and virtual circuits, sites, cloud assets, staff, external contractors, external service providers.
We produce a Network Information Documentation which is complete and can be used as “live” document to manage and document the day to day changes on of the IT Infrastructure after the risk assessment.
Complete Software catalogue
Full roles of staff and ownership of systems is identified, along with workflows and interfaces.
For in-house or developed software provides that is developed using a software development life cycle; the origin of software, what has been developed, when by who, and in particular its maintainability.
We identify all the areas of concern
Mitigations are normally driven by isolating assets and implementing access controls systems and policies. These are typically integrated into the Security Architecture of the Infrastructure.
The positive result is that if there are major flaws, big risks or future sizable mitigation costs the risk assessment will bring them to the surface. Those can be factored into the valuation or transaction costs.
We are ISACA (CISA) Licensed and perform Risk Assessments in accordance with the above processes, and IT Audits, in accordance with industry normatives.
Technical Background: We have extensive experience in working with large spectrum of critical problems and in challenging industries which enriched our expertise knowledge and first hand implementations. For example we have worked on: Railway, Cloud Finance, High Frequency Trading, Energy, Cloud Service, E-commerce, Aviation Hospitality etc...
We very often work in environments where all knowledge about the company infrastructure has been lost or was never drawn nor documented.
We are technically minded (geeks if you will), and as such are able to communicate and get cooperation from the organisation’s IT staff. We are also seasoned business and commercially minded people, and can engage all levels within the organizational structure.
We don't assume/ tick boxes in preset list of risks, we know each companies risk profile is unique so all risk assessments we do are customized.
The process however is standard and structured.
Pragmatic and Integrated Mitigations: Our risk assessments provide you with tailored mitigations that match the company’s capabilities and culture.
Cost effective mitigations. Mitigations are primarily Opex savvy and our Capex will normally recommend solid solution that is implemented in ways that your CFO will sign off on.
We are vendor neutral, we don't sell solutions, recommend you who to use, this is required to avoid compromising our independence and to maintain a long term partnership with you.
We have excellent references from Startups to MNC’s
Contact us below to discuss how we may help your organisation. We provide up to 2 days free of charge onsite scoping review to issue a proposal.