Risk Management

As business operations become more and more tightly coupled with IT systems, the ongoing stability, security, and function of the network becomes critical to overall business continuity. Risk management, the process of weighing the costs associated with protecting IT systems against the value of those systems and the data they house, is therefore paramount to ensuring the success and productivity of ongoing business operations.

When assessing risk, Applied Trust will work with your staff to assess and document such areas as:

• System characterization — We will provide a summary of pertinent information about your infrastructure.
• Threat identification —We will document factors that may present a threat to your systems. Not all issues in this context are necessarily security threats; we will also identify potential threats related to such events as natural disasters, human error, or system malfunction.
• Vulnerability identification—We will provide you with a list of network vulnerabilities and a set of recommendations for mitigating those vulnerabilities. As with threat identification, we will identify not only security vulnerabilities but also those that may be related to other factors.
• Control analysis—We will conduct an analysis of the controls that have already been implemented or are planned for implementation, to significantly reduce the likelihood of a threat actually being exploited.
• Likelihood determination—We will rate potential vulnerabilities according to the likelihood that they may be exploited, using a scale of high, medium, or low.
• Impact analysis—We determine what the overall impact on the network would be if a particular vulnerability were successfully exploited.
• Risk matrix—Our next step is to develop a matrix of risks, representing the likelihood of a vulnerability’s being exploited and the potential magnitude of the impact on the system.
• Control recommendations—The final step of a risk management engagement is for us to document the necessary controls for mitigating or eliminating the identified risks.

Contact us at 303-245-4545, or visit us on the Internet, to get professional assistance with your IT risk management needs.