Cyber Law Consulting >> Audit >> Risk Assessment
Many threats to information security exist, but not all have the same chance of being exercised by an attacker, and not all threats carry the same business impact. Risk assessment identifies where risk is concentrated, and helps management to make clear and rational decisions on how to manage that risk.
Information assurance is often traced back to a statement of policy. Closer examination will show that the basis for good policy is an understanding of the terrain—the risks to be managed—and a plan to help the organization navigate the terrain successfully.
Assessing risks to information can be done in a way that information management spending can be brought more closely in line with business objectives, mitigating the most likely and most costly problems that can occur.
Cyber Law's Risk Assessment methodology is based on the recommendation of the National Institute for Standards and Technology (NIST). Part of the U.S. Department of Commerce, NIST provides standards and recommendations for a wide variety of technologies and their uses. Interestingly, NIST also cites Cyber Law's research work in some of its own Special Publications.
Major components of the Risk Assessment methodology include:
- System Characterization
- Threat Identification
- Vulnerability Identification
- Safeguard Analysis
- Likelihood Determination
- Impact Analysis
- Risk Determination
- Safeguard Recommendations
- Results Documentation
These results and recommendations plug directly into our system for Risk Mitigation.
Understanding risk in information systems can be complex. Finding a reputable vendor with the kind of expertise needed to perform risk assessment well doesn't need to be. Let Cyber Law show you how risk assessment can help you manage information technology spending, while also making -- and keeping -- your information safe. |
