Risk Assessment and IT Audit

Business process review and risk assessment are the basis of any information security program and regulatory compliance project. Bright Consulting's detailed methodology, based on the world's best practices, identifies the IT assets, threats, and vulnerabilities that introduce risk to your organization, prioritizes the identified risks, and recommends risk management strategies to mitigate, transfer, accept, or avoid those risks in conformity with your company's risk appetite and risk tolerance levels.

The following steps describe the Risk Assessment methodology adopted by our CISA-certified consultants:

  • Identify company assets at risk considering the specifics of your organization;
  • Specify risk events and vulnerabilities related to assets already identified;
  • Determine the probability of risk occurrence and frequency of events;
  • Assess the impact of the events;
  • Develop risk mitigation options;
  • Conduct a feasibility study of the available mitigation options;
  • Develop a report comprising the risk assessment findings along with a cost-benefit analysis.

Our understanding is that risk management is a continuous process that does not end with the implementation of the required countermeasures and controls. Attention needs to be paid to residual risk and to the efficiency of the risk mitigation process, including risk acceptance. In order to effectively manage these two components of your risk management framework, they have to be continuously measured and monitored.

Our certified information systems auditors are available to assist you in this endeavor, while preserving compliance with your company's policies and auditors' ethics. For a thorough assessment of your needs, please contact us.