Security Risk Assessment

The present state of information security is inadequate to protect our organizations against many threats. The sophistication of hackers and the Internet of Things have changed how we need to manage risk. There is a need to take a holistic approach to understanding potential damages before, during, and after an attack and understand how mitigation against those risks can take place. The IAC Cyber Security Risk Assessment includes a review of the current tools used for controls implemented to mitigate cyber risks.

A control is something that if implemented fully may stop a risk. Understanding risk helps an organization answer questions concerning their vulnerability, assets protection, types of threats, likelihood of a realized threat, impact of a realized threat, reduction of realized threats, reduction of impact of realized threats and allocation of resources related to controlling threats. There are various models used for the analysis and audit geared to the size of the company and industry.

Information Risk Assessments set the stage for establishing the Information Technology ‘Big Picture’. Our Information Risk Assessment process is built around an ISO 17799/27001 based framework, and controls are customized according to business needs (Health Insurance Portability and Accountability Act of 1996 (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Financial Services – FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL (FFIEC) & Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation’s (NERC) CRITICAL INFRASTRUCTURE PROTECTION (CIP), or the Payment Card Industry Data Security Standard (PCI DSS).

The analysis includes many aspects of the organization including personnel understanding, processes in place and how well they are implemented, and what technology is being used.