Threat Risk Assessments
Do you or your organization know what potential threats you may face? What are the potential damages to your organization's assets? How can you reduce your risk exposure so it is more aligned with your risk appetite?
A Basic Risk Assessment Guide (BRAG) allows an organization to analyze the likelihood, and significance, of threat scenarios. The analysis can help identify options for dealing with the identified risk, and determine which options are likely the best fit for the organization. Analysis can be conducted against environments that are in the planning stages, early development, or already operational. Scope can be a large project such as a data center move, or can be a small project such as the implementation of a new feature in an existing application.
The desired result is to allow for better risk management decisions: the combination of personnel, policies, processes, and technologies that enable an organization to cost-effectively achieve and maintain an acceptable level of loss protection.
The NCI Approach:
NCI will begin the engagement with a project kick-off meeting with your personnel. The purpose is to gain a high-level understanding of the processes, infrastructure, and people within the scope of the BRAG.
Through the BRAG analysis your NCI consultant will:
- Identify the assets at risk; the focus is on information assets, but can include databases, applications, business processes, personnel, physical locations, etc.
- Determine the Threat Scenarios to consider for the analysis.
- Evaluate the Loss Event Frequency based on:
  - The threat communities active against the organization
  - The capabilities of the threat communities
  - The effectiveness of existing controls
  - Current safeguards and the resulting vulnerability
- Evaluate the Loss Magnitude in consultation with the client to determine precisely what a “high risk” is in quantitative dollar values.
- Calculate the resulting risk exposure.
- If new controls and safeguards are under consideration, a comparison of existing risk and residual risk will be made.
- Provide recommendations to mitigate the vulnerabilities and reduce overall risk exposure. This includes a report with full details, and a presentation to the project team.
The approach is repeatable and defensible; it allows for a comparison of risk across time (the same environment at different times) or across environments. A true apples-to-apples comparison.
Contact us to book your Risk Assessment and start managing risk immediately.