What would your organization do if its information systems crashed? What would it do if they could not be recovered for a week, a month, or possibly ever? How would your business respond to a fire, a flood, or an explosion caused by a gas leak? Are you prepared to respond to an intruder in your workplace or a cyber intruder in your network? And how would you respond if you found out that your most sensitive information had been breached and was being sold on the internet? These and many others are possible risks to your enterprise. The function of a risk program is to identify potential risks and develop plans to address those risks.
Most security standards, if not all, require some risk activities. Many regulatory bodies also require risk management processes. If you have employee or customer health information, accept credit cards for payment, handle government data, or are a banking or financial institution, you have an obligation to incorporate risk practices into your standard security practices.
RISK MANAGEMENT PROCESS
Risk assessment is a key component of a holistic, organization-wide risk management process as defined in NIST Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View. Risk management processes include: (i) framing risk; (ii) assessing risk; (iii) responding to risk; and (iv) monitoring risk. Figure 1 illustrates the four steps in the risk management process—including the risk assessment step and the information and communications flows necessary to make the process work effectively.
Image Source: NIST
Immersion leverages established information security risk processes as outlined by the National Institute of Standards and Technology (NIST). We agree with NIST that the role of information security in managing risk is critical to the success of organizations in achieving their strategic goals and objectives. We can assist in the design and development of a larger risk program or augment existing risk processes by providing objective third-party risk assessments in support of strategic, organizational, or compliance directives. We also perform assessments in support of vendor management/compliance and to assist with mergers and acquisitions. Some of our offerings include:
Immersion can help you identify and prepare for risks that could impact the viability of your business. Whether you would like us to perform specific risk services, assess your current risk management program, or help you stand up a new risk program, we have the experience to guide you through the process.
If your organization doesn’t currently have a risk management program, if you wonder whether your current risk practices are adequate, if you haven’t had a risk assessment in the last year, or if you want the added comfort of a third-party assessment, don’t wait to be on the front page of the Wall Street Journal. Let us help you prepare for the inevitable.
Providers of vCISO (Virtual Chief Information Security Officer), Secure MSP (Managed Service Provider), Compliance and Consulting.
Immersion Security is a team of cyber security experts and researchers dedicated to bringing the best and most up-to-date information, technology, and practices to your business.