
ADVISORY SERVICES

Risk Assessment

Essentials

Mature organizations increasingly rely on risk assessments to gain an enterprise-wide view of their security risks. With regulations like Sarbanes-Oxley, PCI, and HIPAA pushing organizations to perform security risk assessments, it has become more important than ever to have one performed. Based on ten years of experience assessing entire security programs, SecureState has developed a suite of offerings around its Risk Equation to help a client understand where it truly stands in terms of security risk.

  • The iRisk Framework provides a client with a true assessment of its Security Risks
  • An iRisk assessment can help meet PCI, Meaningful Use, and other regulatory requirements

Benefits

An iRisk assessment will provide an organization with a global view of its information security risks and a framework which can easily be aligned with most Enterprise Risk Programs. This provides security with much greater visibility among executive leadership and places security risks in their proper context with other business risks like liquidity, supply chain management, and reputation.

Many regulations have begun to more narrowly define what they look for in a risk assessment; the “finger to the wind” assessments of the past are no longer good enough. SecureState’s PCI auditors (QSAs) have reviewed the PCI Council’s recent risk assessment guidance to ensure that the iRisk assessment aligns with and meets PCI requirements. Additionally, the iRisk Assessment has been aligned with the ISO 27005 framework and can be used to meet Meaningful Use and other risk assessment requirements.

Expertise

SecureState consultants have experience with a wide variety of Risk Assessment methodologies including FAIR, OCTAVE, NIST, and ISO 27005. Our Profiling practice has a team of experts who perform custom vulnerability research and align ratings with the CVSS vulnerability rating system. Our audit practice contains consultants with years of experience performing HIPAA, PCI, ISO 27002, and many other control assessments. SecureState’s Advisory Services practice has assisted numerous clients in performing Threat Assessments, as well as pulling together Threat, Vulnerability, and Control data to identify a client’s residual iRisk.


Did You Know?

  • SecureState’s approach to Risk Assessment will help a client to meet regulatory requirements such as PCI-DSS, HIPAA, and ISO 27001
  • SecureState’s iRisk Assessment aligns with the ISO 27005 standard
  • SecureState can leverage existing assessments that have been recently performed

Our Approach and Methodology

There are multiple steps that go into performing a full risk assessment. Typically SecureState will perform the following:

  • Business Process Mapping
  • Asset Inventory
  • Vulnerability Assessment
  • CMMI Control Assessment
  • Threat Assessment
  • Risk Analysis
  • Recommended Risk Treatment Plan

If there is a specific regulatory requirement being targeted, such as PCI, these steps will be tailored to meet that requirement, and additional ones may be added. If a client has already performed one or more of these steps themselves, that information can potentially be leveraged during the iRisk assessment, eliminating duplicate efforts.

What Makes Us Different

  • SecureState ties together the work of Penetration Testers, Auditors, and other assessors to produce a single result.
  • SecureState’s iRisk framework is open source, and freely available to anyone who wishes to leverage it
  • SecureState can perform a Risk Assessment which aligns with FAIR, OCTAVE, NIST, or ISO 27005 methodology

We Can Help You