Risk Assessment (RA)

The risk assessment is a top-down analysis of an organization's security posture. Leveraging vulnerability data and security information gathered through other assessment components, along with data collected through targeted questionnaires and interviews, Illumant performs a quantitative risk analysis to determine the top threats to information security, the biggest vulnerabilities, and, through cost-benefit analysis, the largest opportunities for risk reduction.


  • Top-down risk assessment
  • Inventory of critical assets
  • Identification and severity of vulnerabilities
  • Enumeration of threats
  • Calculation of risk
  • Risk factors
    • Confidentiality
    • Integrity
    • Availability
  • Cost-benefit analysis of risk remediation efforts


  • Sensitive data
    • Customer data
    • ePHI
    • Financial info
    • SSNs
    • CCNs
  • Critical systems
    • Servers
    • Applications
    • Databases
    • Laptops
    • Desktops
    • USBs, DVDs, etc.
