Risk management frameworks guard an organisation against all manner of potential disasters

Information security has developed into perhaps the most important aspect of such frameworks.

At Stratigence we work to ensure that your organisation’s information security risk framework is capable of protecting valuable and sensitive data, and that it aligns with your broader risk framework. We work to understand the potential threats that your company faces, before helping you to reduce or mitigate these entirely.

What sort of things are assessed?

Until you’re knee-deep in it, cyber security risk management can be a somewhat abstract concept. So what does it involve in real terms?

Example 1: Email

Company A uses Outlook for email. In this example, a risk management team would ask the following questions:

  • If Outlook went down, would the company still be able to function?
  • How reliant is the company on Microsoft?
  • Does Microsoft back up information?
  • Is backed-up information encrypted?
  • If information does need to be restored, what’s the process, and how long would it take?
  • Do you have an offline backup of critical systems? (The answer should always be yes.)

Example 2: Permissions

Company B employs basic user authentication to grant access to their business systems. We’d begin the process of assessing risk by asking:

  • Are different permissions granted to different employees?
  • Do any employees have permissions that fall outside of their scope?
  • Are administrator permissions granted only to those who need them?
  • Do you allow remote access to your business systems?
  • Are there appropriate security controls for remote access?

The answers to these questions would serve as the basis for a risk management framework, from which recommendations would be made.

The process

How does the cyber security risk management process play out? At Stratigence we employ five simple steps.

Step 1: Define the scope

Identify which information assets should be included in the review, and the budget and timeframes that you’d prefer to work within.

Step 2: Review current controls

What risk management protocols are currently in place? Can they be improved, or should they be replaced?

Step 3: Workshop risk profile and threats

What is the desired risk profile? What are the possible threats? Answering these questions can be a challenge, particularly with the variety of risks any organisation might face – from hackers, through to acrimonious employees, and even natural disasters like earthquakes. We seek to gain an understanding of potential threats by comparing similar organisations.

Step 4: Complete gap assessment

How does the desired performance of our risk management framework compare to the actual performance?

Step 5: Recommend next steps

Propose a set of prioritised controls to be implemented within the first year. The plan will be crafted to fit within your budget and timeframe, focusing on the highest risks first.

What you’ll get

By working with Stratigence on your cyber security risk, you’ll get:

  • A risk matrix: In either NIST SP 800-39 or CIS RAM 1.0 form, which provides a visual representation that will allow you to more easily and more effectively quantify your risk.
  • Recommendations: We’ll provide recommendations on how your risks might be mitigated or managed, giving you the option of either implementing strategies yourself, or having our expert team implement them for you.

Cyber security risk management will only become more vital as threats become more common and cunning. So get on the front foot with risk protection.
