Mature organizations increasingly rely on risk assessments to gain an enterprise-wide view of their security risks. With regulations like Sarbanes-Oxley, PCI, and HIPAA pushing organizations to perform security risk assessments, it’s become more important than ever before to have one performed. Based on ten years of experience assessing entire security programs, SecureState has developed a suite of offerings around its Risk Equation to help a client understand where it truly stands in terms of Security Risk.
- The iRisk Framework provides a client with a true assessment of its Security Risks
- An iRisk assessment can help meet PCI, Meaningful Use, and other regulatory requirements
An iRisk assessment will provide an organization with a global view of its information security risks and a framework which can easily be aligned with most Enterprise Risk Programs. This provides security with much greater visibility among executive leadership and places security risks in their proper context with other business risks like liquidity, supply chain management, and reputation.
Many regulations have begun to more narrowly define what they look for in a risk assessment; the “finger to the wind” assessments of the past are no longer good enough. SecureState’s PCI auditors (QSAs) have reviewed the PCI Council’s recent risk assessment guidance to ensure that the iRisk assessment aligns with and meets PCI requirements. Additionally, the iRisk assessment has been aligned with the ISO 27005 framework and can be used to meet Meaningful Use and other risk assessment requirements.
SecureState consultants have experience with a wide variety of Risk Assessment methodologies including FAIR, OCTAVE, NIST, and ISO 27005. Our Profiling practice has a team of experts who perform custom vulnerability research and align ratings with the CVSS vulnerability rating system. Our audit practice contains consultants with years of experience performing HIPAA, PCI, ISO 27002, and many other control assessments. SecureState’s Advisory Services practice has assisted numerous clients in performing Threat Assessments, as well as pulling together Threat, Vulnerability, and Control data to identify a client’s residual iRisk.