Risk Assessment Development and Review
The IT Risk Assessment provides the foundation of the organization’s information security program. The Risk Assessment should be a dynamic tool rather than a point-in-time exercise and be incorporated in all aspects of the organization’s operations.
Risk Assessment services provide Management with support and guidance in the development of a new assessment or review and update of an existing one. A key aspect of this service focuses on developing the capabilities of the organization’s staff to incorporate a risk-based approach to applying good security and compliance practices in their daily tasks, as well as to identify gaps in the design or execution of controls that make up the information security program. Delivery of this service can range from a straight-forward audit to a hands-on development and training exercise with Management to design and implement a comprehensive information risk assessment for the organization.