INFORMATION SECURITY RISK ANALYSIS
An information security risk analysis is an independent evaluation of the information security risks of an organization.
Problems it will solve
- An information security risk analysis will minimize the risks related to an organization's low level of information security by independently evaluating the risks and preparing a risk management plan and recommendations for raising the level of the organization's information security.
- The analysis will also create a long-term security policy based on current and potential threats and risks, as well as on the company's assets and their value, with regard to the world's best practices of providing information security.
Deliverables: the report on the information security risk analysis contains
- An evaluation of the security level of the network’s infrastructure;
- Information on potential vulnerabilities and possible threats;
- An analysis of the measures taken to provide information security;
- A registry of risks with a description of their probability, influence, and consequences;
- A risk management plan that contains:
- Information on the reaction strategy for each of the discovered risks and the responsible party;
- A list of functions for risk management with regard to the security policy of the organization; and
- The information security policy of the organization, which includes recommendations on the optimization of the network infrastructure with regard to providing information security.
Example of the service
While gradually implementing a strategic IT infrastructure development project for a large business chain, management decided to have the project evaluated by experts. On the basis of the results of the risk analysis, significant changes were made to the structure of the program. Certain omissions were discovered.
For instance, no fail-safe infrastructure had been created for the most critical resources. Resources with easy accessibility had been provided with overly expensive equipment. The order of certain stages also had to be changed. Compliance with the regulator's requirements was achieved. As a result, the regulator's check-up was completed much faster and was successful.
Scope of work
- Analysis of information on the system, its users, and their goals;
- Choosing and justifying the information security (IS) risk calculation methods;
- Initial data gathering and analysis;
- Identification of information assets;
- Categorization of resources with regard to their importance;
- Risk map calculation;
- Determining current and sufficient countermeasures;
- Preparation of the report and recommendations on the results of the project;
- Preparation of a set of technical solutions to raise the IS level; and
- Preparation of the project results presentation.
The client organizes a working group, headed by a supervisor, that participates in providing data and in a more effective evaluation of the severity of certain business processes.