Risk Assessment and Security Auditing

Risk assessment is the process whereby we estimate a ‘riskiness’ coefficient which is then associated with each auditable unit within a business. In order to identify and quantify risks, we require that identified gaps are assessed for risk level against prioritised assets, which are themselves carefully aligned to business demands. In order to complete this task, map the business criticality of systems against discovered gaps in order to produce a prioritised list of recommendations. The scope of the risk analysis will require further definition and tuning following the gap analysis to derive optimum value against effort.

All our consulting solutions and services are closely aligned with industry and international standards and methodologies, including ISO 27001. Our extensive work in risk assessment and security within the financial services and general large enterprise sector, enables ITC to offer experience with the flexibility to provide a vast range of reviews based on demands faced by the clients. For details of our in-house experience, please refer to our corporate introduction pages in About ITC.

Benefits

• Assessment against regulatory compliance
  Demonstrates best endeavours and best practice for regulatory requirements
• Improves consistency
  Brings an objective approach to all security reviews, which applies across all departments
• Quantitative methods may be more easily defended
  E.g. to external parties
• Greater productivity
  Through regular updates and staff awareness/ training; formalising and automating the review increases productivity
• Cost efficient
  Cost justified security
• Increased security awareness
  Involves a greater range of staff

Features

• Policy, architecture and asset discovery and classification
• Process & procedures information gathering
• Controls and information identification
• Vulnerability scanning
• Penetration testing, as required
• Configuration capture
• ISMS approach selection, implementation and issue identification
• Gap analysis
• Risk Assessment - identifying associated gap between client practice and best practice such as ISO 27001
• Recommendations & roadmap
• Project delivery to PRINCE 2 methodology

Why ITC?

At the heart of all our services we try to protect the environment in which you work, primarily through reducing the risks your network may face and maintaining contact in order to audit and re-audit your network. We have long-standing success in this field, and always offer our most senior consultants for the job, all of whom are available 24/7 for all support and service needs you may have.