Cyber Risk Assessment
What do you want to protect?
Understanding and managing risk is the foundation of an effective Information Security program. By following a few simple steps an organization can begin to define a risk profile:
- Identify assets
- Assess potential threats and vulnerabilities
- Determine impact and probability of threats
- Apply mitigating controls
The CISO Help Desk integrates risk management into your organization by leveraging industry standard frameworks:
- NIST Risk Management Framework (SP 800-30)
- ISO 27005 & 31000 - Risk Management
- OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation) Allegro Risk Method
Once a risk baseline has been established, an organization can focus on applying an appropriate set of technical and administrative controls. The CISO Help Desk relies on tried-and-true standards to apply the most appropriate controls within your environment.
- Center for Internet Security (Controls v7.1)
- Cloud Security Alliance Cloud Controls Matrix (CCM)
- ISO 27002
- SOC for Service Organizations: Trust Services Criteria
- PCI DSS
- HIPAA Security Rule
Know your value
Understanding risks in your environment and implementing controls to mitigate them is a fundamental pillar of Information Security success. Get started today!