SECURITY RISK ASSESSMENT
CONDUCT A RISK ASSESSMENT
CISO AG will review your organisation's security goals and conduct a risk assessment to inform your cybersecurity choices. By understanding information security risk and the impact it may have on an organisation, CISO AG's consultants set the foundation for a formalised IT risk management program.
Risk management is the ongoing process of identifying, assessing, and responding to risk. The risk assessment is the first step in that cycle: it provides insight into the effectiveness of your security posture and acts as a baseline for developing policies and control decisions.
This is achieved through the following processes:
Identifying your most critical information systems and mapping out critical data flows
Identifying all 'interested parties' that may access or process your sensitive data on site
Identifying all relevant third parties who process critical data, and prioritising them based on risk
Identifying the boundaries of systems under your control versus those under third-party control or access
Creating a process for supplier on-boarding that incorporates checks for compliance against your policies and for fit with your organisation's risk appetite
Ensuring all existing third parties have contracts with appropriate clauses, SLAs and penalties
Ensuring data breach obligations are embedded and tested, along with your internal team's awareness and participation (including your public relations team)
Enforcing contractual obligations through audits and supplier performance reviews
Using world-class tools to give your most critical suppliers an ongoing technical risk assessment
Incorporating assessment feedback into a continuous improvement process for your supply chain
Escalating major risks to Procurement, to help your organisation steer clear of dangerous waters
This service is a cost-effective model that can be scaled – both in length and scope – to meet the specific and unique security needs and risk appetite of the client. Through this package our clients can focus on their core business activities, whilst being assured that their information assets are available, effective and safe.
Beyond baselining an organisation's security posture, information security risk assessments are also the first requirement outlined in federal regulations such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
The Payment Card Industry Data Security Standard (PCI DSS) also requires merchants of all sizes to perform due diligence in assessing risk in their technology operations, and risk assessment is likewise a requirement under the GDPR.
Identify Assets
Identify threats & vulnerabilities
Assess current state
Evaluate risks
Assign ownership