Performing a company-wide Information Technology Risk Assessment is a critical step in a successful Information Security Program. This process will help an institution identify all IT assets and determine the residual and inherent risk values for each.
During our extensive audit history, 10-D Security has had the advantage of seeing the good, the bad and the ugly when it comes to Information Technology Risk Assessments. We have seen what works and what does not. Risk Assessments are unique to each company. 10-D Security works with management and key personnel to ensure that the risk assessment is accurate and meets the organization’s needs.
Our process for completing a comprehensive IT Risk Assessment involves a number of strategies, including interviews with key personnel and review of the Information Security Program. Rating criteria, including Information Sensitivity Classification, Criticality, Likelihood, and Impact of all known threats, are assigned and used to calculate the Inherent Risk of each asset. The controls are then reviewed, allowing the assignment of Residual Risk.
Whether creating an IT Risk Assessment from scratch, or updating an existing Risk Assessment, we can help.
The 10-D Security Difference
- Assessments performed by former auditors and examiners with vast experience of the inner workings of financial institutions AND in-depth compliance knowledge
- Nationwide auditing experience with ALL types and sizes of institutions
- Examiner approved work paper solution
- Professional, concise, and easy-to-read reports—delivered promptly
Who Benefits from an IT Risk Assessment?
This service applies to organizations:
- Who require a quick turnaround of reports and deliverables.
- Where management values staff time and resources.
- With a low tolerance for risk and noncompliance.
The Scope of Work
The scope of our IT Risk Assessment engagement is gauged on customer needs. The following areas are included with our IT Risk Assessment:
- Identification of all IT Assets
- Assigning of Asset Owners
- Assigning of Information & Criticality of IT Assets
- Assigning of Inherent & Residual Risk Levels
- Listed Threats and Controls for each Asset