The Edge Consulting Risk Assessments

Risk Assessments are carefully prepared for these core business needs:

- IT security

- Physical security

- Operational risk

- A 'quick risk' or high level risk

We provide comprehensive and detailed risk analysis in their respective domains. The quick risk enables a rapid assessment and overview of a whole business system. Each Assessment Report provides management with:

- Vulnerability Levels

- Application Threats and Frequency

- The Use Environment

- System Connectivity

- Data Sensitivity Levels

- Residual Risk, expressed on an individual vulnerability basis

- Detailed Annual Loss Expectancy Calculations

During your Risk Assessment Audit we Evaluate:


Assesses the relative significance, in terms of potential loss, of all aspects and areas of a system. The results from this audit can be used in determination of which areas are in most need of attention.

Logical Access

All aspects of logical access to and within the computer system are covered:

- user identification and authentication (system access)

- batch submission

- function control

- resource access control

- sensitive data consideration, etc

System Audit

Investigates all areas of auditing, including what records and logs are produced, what audit procedures and practices are employed, what follow-up procedures are adopted, etc.

Security Administration

Security administration practices are ascertained for resource access, system access and security system control.


Contingency and recovery are considered in great depth. All aspects are covered, including:

- back-up practice and policy

- the contents of the recovery plan

- the status of the recovery plan

- the recovery location

- general contingency practice, procedure and policy

- network contingency

- application contingency.

System Design

Security considerations relating to application/system design is covered.

Application and Web Development

The development module embraces all security considerations pertinent to application/system development, including documentation, auditing requirements and project control.

Change Control

Covers change control procedures and practice, both scheduled and emergency.

Security Management And Policy

This audit will establish general security status, embracing general and detailed policy, awareness and security management.

Physical Access

All aspects of physical access are examined, including:

- access and damage at a building level

- access to sensitive areas within the building

- protection of individual assets

- procedures to control personnel and others internal to the building/site.


Practice, procedure and risk with respect to hardware and hardware maintenance is analysed.


Close examination of operations procedures and practices is undertaken.


Personnel policy is covered, with respect to such matters as recruitment, dependency and supervision.


All major hazards are considered, including:

- fire

- flooding/water-damage

- power

- environmental systems

- general issues.


Network security is analysed in depth. Some of the issues examined are:

- use of dial-in

- encryption

- monitoring and audit

- maintenance

- physical controls

- general practice

Back to main page