During the life cycle of any IT project, especially those aimed at improving critical infrastructures, the range of threats to information and IT security is constantly changing.
The exploitation of existing vulnerabilities can be devastating, resulting in various types of damage – from operational capacity reduction and loss of key functionalities to negative feedback from customers and eventually financial loss due to non-compliance penalties.
Risk management is a core leadership approach that ensures any potential threats to achieving objectives are identified and managed before they block your project.
isec has developed a dedicated service to identify risks, optimal security controls and associated methods to measure efficiency. Our service can be customized based on the specifics of any IT infrastructure. When the customer has little or no risk management methodology available, we are ready to recommend our own approach.
The service may be divided into three stages, as follows:
During the first phase, interviews shall be conducted with security, compliance and technical staff, as well as with senior managers (process owners and service/business line managers).
The process continues with a risk assessment, based on which we propose risk treatment methods such as risk reduction, acceptance, transfer or avoidance. The effectiveness of existing security controls is estimated and additional security measures may be proposed.
Once the risk treatment methods are agreed on, we are prepared to recommend implementation measures and estimate their effectiveness after implementation. Depending on your organization’s risk acceptance threshold, we identify and analyze residual risks.
We deliver a comprehensive set of documents which maps all project phases and provides complete information regarding the current state of the security solution, whether implemented or under implementation, ways to improve it and recommendations for the next phases.
In general, the following points are addressed:
Other deliverables, depending on the service selected by the customer, may be: