Risk Analysis

The purpose of the risk assessment is to evaluate the adequacy of organizations’ security. The risk assessment provides a structured qualitative assessment of the operational environment.

It addresses sensitivity, vulnerabilities, risks and safeguards. The assessment recommends safeguards to mitigate threats and associated exploitable vulnerabilities.

Approach to provide the service

This risk assessment methodology and approach is conducted using the Defence In Depth methodology. The assessment evaluates security vulnerabilities affecting confidentiality, integrity, and availability. The assessment recommends appropriate security safeguards, allowing management to make knowledge-based decisions about security-related initiatives Risk Assessment Process.

This section details the risk assessment process performed during this effort. The process is divided into two sections: pre-assessment and assessment.

Phase I – Pre-Assessment

Step 1: Identify business processes and define the assets
Step 2: Data Collection

Phase II – Assessment

Step 1: Document Review
Step 2: System Characterization
Step 3: Vulnerability Identification
Step 4: Risk Determination (Calculation/Valuation)