Information Assurance Services: Risk Assessment
Many threats to information security exist, but not
all have the same chance of being exercised by an
attacker, and not all threats carry the same business
impact. Risk assessment identifies where risk is
concentrated, and helps management to make clear and
rational decisions on how to manage that risk.
Information assurance is often traced back to a
statement of policy. Closer examination will show
that the basis for good policy is an understanding of
the terrain—the risks to be managed—and a plan
to help the organization navigate the terrain
successfully.
Risks to information can be assessed in such a way
that information management spending is brought
more closely in line with business objectives,
mitigating the most likely and most costly problems
that can occur.
Interhack's Risk Assessment methodology is based on
the recommendation of the National Institute of
Standards and Technology (NIST). Part of the
U.S. Department of Commerce, NIST provides standards
and recommendations for a wide variety of technologies
and their uses. Interestingly, NIST also cites
Interhack's research work in some of its own Special
Publications.
Major components of the Risk Assessment methodology
include:
- System Characterization
- Threat Identification
- Vulnerability Identification
- Safeguard Analysis
- Likelihood Determination
- Impact Analysis
- Risk Determination
- Safeguard Recommendations
- Results Documentation
These results and recommendations plug directly into
our system for
Risk Mitigation.
Understanding risk in information systems can be
complex. Finding a reputable vendor with the kind of
expertise needed to perform risk assessment well
doesn't need to be. Let Interhack show you how risk
assessment can help you manage information technology
spending, while also making -- and keeping -- your
information safe.