Risk Assessments2018-06-20T13:22:12+00:00

RISK ASSESSMENTS

Risk Assessment and Risk Management are vital tools in providing relevant and effective security activities. Until you know where your threats are coming from and what vulnerabilities or weaknesses exist, you will not know where to apply controls.

The process of conducting a risk assessment and the implementation of controls, (which bring highlighted risks down to acceptable levels), must follow within effective monitoring. This and the management of the controls will ensure new risks, as well as changes within the environment/effectiveness of the existing controls; do not impact on the overall risk.

Nettitude will help you make sense of all this information in pragmatic workshops and training sessions. We will help you to implement an active and relevant risk methodology.

Request a free quote

ISO-PCI QSA-PCI PAQSA

Our comprehensive Risk Workshops will cover the following areas:

Risk Introduction & Overview

  • What is Risk
  • Benefits of Risk Management
  • Risk Management Process
  • Information Security Group

Risk Components

  • Assets and CIA Impact Levels
  • Threats
  • Vulnerabilities and Risk

Risk Assessment

  • How to generate a Risk Assessment
  • Risk Registers
  • Applying appropriate and effective controls

Risk Management

  • Effective measurements
  • How to proceed from here

How The Workshops Are Delivered

The Risk workshop is typically delivered over a number of days and will include the following activities:

  • Education and Training – An interactive overview of risk components and assessment/management process

  • Asset Identification – Work with your business units to identify their assets and assign values

  • Risk Register Creation – Facilitate and walk through a real risk assessment process to create the Risk Register

The focus will be on both education and facilitation. We want you to not only understand the best way to conduct risk assessments and implement a usable process, but to own and create your risk register that can be actively used within the business.

Who needs to be available?

It is important that to identify the correct people to own the Risk Management process, this should include senior management who:

  • Can identify assets of value to the business
  • Understand the value of assets to the company
  • Understand the potential threats
  • Understand their vulnerabilities
  • Has authority to implement controls

This would include, but is not limited to the following positions: Operational Unit Heads, IT Manager, Development Manager, IT Director/CISO, Solution Architects, HR Manager, Facilities Manager, any other Business Unit Heads.

Outcomes

At the end of the workshop you should have the following:

  • 1. All key risk holders educated on the process and tools needed for Risk Assessments;

  • 2. An defined Asset List
  • 3. A Risk Register for each business unit/area;
  • 4. A process to conduct regular risk assessments and review the risk management activities.

How can Nettitude help?

Give us a call today to find out how we can help you improve and advance the approach to security for your organization.

Nettitude has a team of technical consultants qualified as Security Assessors for PCI DSS, PA-DSS, P2PE, ISO27001 and much more. We also have an Incident Response unit deployed for various activities including data breach analysis and data discovery. We are an Approved Scanning Vendor (ASV) registered by the PCI Security Standards Council (SSC) to conduct authorised vulnerability Scans for PCI compliance.

Nettitude is a member of The Council of Registered Ethical Security Testers (CREST) and certified by the UK Government to deliver cyber security testing (e.g. IT Health Checks) as a CHECK green light company.

Sample reports are available on request. For more information on Nettitude’s Cyber Security Services please contact us directly at solutions@nettitude.com.