we secure.

Risk

secure Solutions

How We Can Help

The ability to perform comprehensive risk management relies on an organisation having a deep understanding of what risk is, how it surfaces and what can be done to mitigate it. With various organisations coming out with their own definition of risk, where does one begin? With our years of experience, we can help organisations identify and combat risk.

A Taxonomy of Risk

OVERVIEW

There are a number of definitions of risk from prominent organisations such as the ISO, NIST and ANSI. What all the definitions have in common is that they centre around ideas of an event that could happen, a probability that it will happen and consequences should it happen.

TERMINOLOGY AND CONCEPTS

These and other concepts that come up in risk management are defined below:

something that may happen and may cause some undesirable consequence

a weakness which, if exploited, can give rise to some unwanted consequence

tangible or intangible but important to the organisation.

the consequences of an event happening. For our purposes, we assume a negative result from the event occurring.

what is the likelihood that the unwanted consequence or event will occur?

“One of the main cyber risks is to think they don’t exist.”

Nappo

plan of action

6 step risk management framework

All risk and security frameworks begin by identifying and categorising the organisation's assets. After this process has been done, security controls can be selected which best protect the asset. These security controls are then implemented and, in a following step, assessed for their suitability. Once they have proved suitable, senior management must approve their use. The controls implemented must be continually monitored to ensure they meet their objectives.

we are your knowledge partners. all the way through.

Our expertise in all areas of security is always on-hand. Contact us to know more.

you are not alone

our professional services include:

We help manage your risks.

We take care of the technical issues:

  • e-discovery and asset identification
  • vulnerability analysis
  • implementation of security controls
  • implementation of event monitoring systems