Securance offers two approaches to complete a comprehensive risk assessment.
1. Framework-based risk assessment
Review of people, processes, and technologies against the risk management, security, or control framework of your choice, your organization’s compliance obligations, and general best practices. Frameworks can include:
- NIST SP 800-53
- NIST SP 800-30
- ISO 27001
Our risk assessment process follows these steps:
- Define the assessment scope
- Identify threat sources
- Identify vulnerabilities
- Determine likelihood and impact of threat events
- Determine the overall level of risk
- Develop a management report
- Support our client in current and future risk mitigation
2. Securance proprietary risk assessment
Securance’s proprietary risk assessment uses an internally developed tool to:
- Quantify the risks associated with auditable technologies and processes
- Generate an IT risk matrix
- Develop a three-year IT audit plan to guide future risk management efforts