Risk management, also known as information security, means protecting data and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, and/or destruction. Our risk management process will allow us to help you determine where there might be potential security breach issues within your company. This requires analyzation of employee policies, outdated software, system negligence, and/or malicious intent towards the company. We will test and also help you fix issues that may exist with your company’s anti-virus, firewall, data transfers, wireless networks, and computer access. Every business has its own share of confidential information about customers, employees, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Our Risk Assessment includes:
• security policy
• organization of information security
• asset management
• human resources security
• physical and environmental security
• communications and operations management
• access control
• information systems acquisition, development and maintenance
• information security incident management
• business continuity management and regulatory compliance
In broad terms, the risk management process consists of:
1. Identification of assets and estimating their value
2. Conduct a threat assessment. Include: Acts of nature, acts of war, accidents, malicious acts originating from inside or outside the organization
3. Conduct a vulnerability assessment
4. Calculate the impact that each threat would have on each asset
5. Identify, select and implement appropriate controls
6. Provide a proportional response
7. Evaluate the effectiveness of the control measures
8. Ensure the controls provide the required cost effective protection without discernible loss of productivity
