Risk Assessments
An effective Information Security Program bases its decisions about which controls to deploy on an analysis of the risks it faces. Risk Assessments, the processes used to identify and understand these risks, may vary in scope:
- Comprehensive - an examination of all types of risks throughout the enterprise, including those introduced by major changes in the environment;
- Application-Based - an assessment of risks in applications and on supporting infrastructure throughout the Development Life Cycle;
- Third Party - an evaluation of risks associated with using third parties;
- Vulnerability - the identification of technical (e.g. out-of-date patches) and non-technical (e.g. awareness) vulnerabilities using scans, penetration tests, etc.; and
- Ad Hoc - risk assessments performed on new technologies, acquisitions, etc.
Companies should base the selection and frequency of use of risk methodologies on the value of the information processed and stored. CyberEnsure can help you select and implement appropriate methodologies. Please contact us for more information.
The CyberEnsure Team 866-CYBER11 (866-292-3711) toll free