The Edge Consulting Risk Assessments


Risk Assessments are carefully prepared for these core business needs:

- IT security

- Physical security

- Operational risk

- A 'quick risk' or high-level risk

We provide comprehensive and detailed risk analysis in each of these domains. The quick risk enables a rapid assessment and overview of a whole business system. Each Assessment Report provides management with:

- Vulnerability Levels

- Application Threats and Frequency

- The Use Environment

- System Connectivity

- Data Sensitivity Levels

- Residual Risk, expressed on an individual vulnerability basis

- Detailed Annual Loss Expectancy Calculations

During your Risk Assessment Audit we evaluate:

Business/Impact

Assesses the relative significance, in terms of potential loss, of all aspects and areas of a system. The results from this audit can be used to determine which areas are most in need of attention.

Logical Access

All aspects of logical access to and within the computer system are covered:

- user identification and authentication (system access)

- batch submission

- function control

- resource access control

- sensitive data consideration, etc.

System Audit

Investigates all areas of auditing, including what records and logs are produced, what audit procedures and practices are employed, what follow-up procedures are adopted, etc.

Security Administration

Security administration practices are ascertained for resource access, system access and security system control.

Contingency

Contingency and recovery are considered in great depth. All aspects are covered, including:

- back-up practice and policy

- the contents of the recovery plan

- the status of the recovery plan

- the recovery location

- general contingency practice, procedure and policy

- network contingency

- application contingency.

System Design

Security considerations relating to application/system design are covered.

Application and Web Development

The development module embraces all security considerations pertinent to application/system development, including documentation, auditing requirements and project control.

Change Control

Covers change control procedures and practice, both scheduled and emergency.

Security Management And Policy

This audit will establish general security status, embracing general and detailed policy, awareness and security management.

Physical Access

All aspects of physical access are examined, including:

- access and damage at a building level

- access to sensitive areas within the building

- protection of individual assets

- procedures to control personnel and others internal to the building/site.

Hardware

Practice, procedure and risk with respect to hardware and hardware maintenance are analysed.

Operations

Close examination of operations procedures and practices is undertaken.

Personnel

Personnel policy is covered, with respect to such matters as recruitment, dependency and supervision.

Hazards

All major hazards are considered, including:

- fire

- flooding/water-damage

- power

- environmental systems

- general issues.

Networks

Network security is analysed in depth. Some of the issues examined are:

- use of dial-in

- encryption

- monitoring and audit

- maintenance

- physical controls

- general practice
