Call Us: 619-684-9117
Risk Insights Blog

Risk Assessment

Uncover a comprehensive understanding of your organizations risks via a thorough evaluation of your business assets, threat and vulnerabilities.


Overview

Risk Insights risk assessment service provides clients with a clear understanding of the risks that their organizations are faced with. Our proprietary risk assessment methodology addresses all FFIEC, HIPAA and FISMA requirements for conducting risk assessments. In addition to meeting regulatory requirements, the enterprise risk assessment provides valuable insight that can be used to steer your organizations security program.

As security patterns continually involve, it is imperative that your risk management providers stay abreast of current threats and issues within the industry. Risk Insights personnel are dedicated to staying current on security threats, vulnerabilities, regulations and industry trends. Our risk assessment services are composed of a thorough evaluation of physical, technical, regulatory and business continuity related issues.

Description

Risk assessments significantly differ from typical conventional security assessments. Unlike a security assessment, which focuses solely on vulnerabilities, a risk assessment analyzes: assets, threats, vulnerabilities and incidents. The comprehensive scope of Risk Insights risk assessment service provides customers with a detailed perspective of the security issues that threaten their critical business processes.

The Risk Insights risk assessment methodology is derived from Carnegie Mellon’s OCTAVE (Operational Critical Threat Asset Vulnerability Evaluation). The OCTAVE approach to performing risk assessments is considered a standard across multiple industries and is used by practitioners worldwide. In addition to OCTAVE, Risk Insights has developed highly customized risk assessment frameworks that are used to perform industry specific risk assessments. Risk Insights proprietary risk assessment frameworks have been developed by highly qualified personnel with over 10 years of security experience.

Approach

Risk Insights risk assessment methodology consists of the following core phases:

  • Asset Analysis: During the asset analysis, Risk Insights collects detailed information for all critical assets of the organization. Types of assets identified include the following:
    Physical: facilities and facility infrastructure
    Technical: applications, hardware, telecommunications
    Business: business services, personnel, information

  • Threat Analysis: During the threat analysis phase, Risk Insights evaluates a set of over 30 unique threats. Each threat is assessed to determine its probability and potential impact against the assets identified during the asset analysis phase. Examples of threats evaluated during this phase include: fire, flood, power interruption, physical theft, network intrusion, configuration errors, malicious code, etc.
  • Vulnerability Analysis: Risk Insights leverages the ISO 27001 security control framework to perform a through analysis of vulnerabilities within the organization. The following list summarizes the vulnerability categories that are evaluated during the assessment:

    Access Control
    Acquisition and Development
    Incident Management
    Business Continuity
    Compliance
    Security Policy
    Organizational
    Asset Management
    Physical/Environmental
    Human Resources
    Communications

  • Data Correlation: Once the organizations assets, threats and vulnerabilities have been identified, Risk Insights develops risk models that depict the organizations risk for each asset. The risk determination is based upon an analysis of: (asset criticality * threat vector * vulnerability level). Risk levels are presented to the customer via a comprehensive report that includes both quantitative and qualitative risk levels.

Our Services


Our Services

Our Company

Resources

----------------
© 2012 Risk Insights. All rights Reserved. Contact Us   Policies