Information Risk Management Services

A risk assessment is a critical tool for identifying and prioritizing vulnerabilities and weaknesses, and their remediation. While risk assessments come in many flavors, forms and scope (selection of the right one is key), broadly speaking they are systematic, top-down analyses that include the following components:

  • Inventory of critical information assets - enumeration of all applications, hardware, operating systems, databases, and supporting network and security systems that handle or store critical information (IP, financial data, human resource, critical monitoring data, etc.). These assets will be subsequently weighted by criticality.
  • Identification of threats - enumeration of the threats that could compromise the confidentiality, integrity, and availability of the information assets above. During this step, Illumant will use best practice security frameworks and standards to ensure completeness.
  • Identification of vulnerabilities and threat mitigation measures - review of vulnerabilities in networks and systems, weaknesses in security processes, and existing defense mechanisms that may increase or reduce the likelihood of the threats being realized.
  • Impact analysis - analysis of criticality of assets and likelihood of threats to determine the potential impact associated with various compromise scenarios.
  • Identification of remediation activities - identification of options for introducing or enhancing security measures and processes to remediate vulnerabilities and improve the defense of critical, at-risk assets. Costs and benefits of the various remediation activities will be analyzed and ranked by effectiveness.

Once a risk assessment has been completed, the results can drive the creation of the security program roadmap:

  • Schedule of remediation activities
  • Estimated internal effort required in terms of man-hours
  • Estimated external resource requirements and cost
  • Itemized hardware or software requirements including cost estimates

These services allow our clients to properly identify risks and develop mitigation strategies as part of an ongoing security program. A well-developed roadmap should anticipate evolving corporate needs and challenges and should prepare the company to stay ahead of the security curve while capitalizing on its enormous growth potential.

The deliverables for such a project at a minimum include:

  • Risk assessment overview: a summary document describing the findings of the risk analysis
  • Risk assessment matrix: a detailed spreadsheet cataloging critical assets, threats, vulnerabilities, mitigating factors, threat likelihood, impact, remediation options, and costs
  • Roadmap document: a planning document describing remediation projects, estimated timelines, internal/external resource requirements, and associated costs

For more information see our white paper: Illumant_Risk_Assessment_White_Paper.pdf