Every system, device, application, employee and supplier has the ability to introduce cyber risk into your business. CTI’s Cyber Security Risk Assessment team works with your key stakeholders to understand exactly which of your organizations information assets should be protected and then investigates, identifies and analyzes the vulnerabilities existing within and around them.
Cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.
Determine Data Assets to be Protected
- Identify information assets within the primary types of information the organization handles
- Locate information assets based on where they reside within the organization
- Classify information assets in clear categories, such as public or regulated information
Determine Current Risk Levels
- Identify threats, vulnerabilities and describe risks
- Identify existing controls and determine likelihood of occurrence
- Determine severity of impact and assign risk level
Define Acceptable Risk and Recommend Safeguards
- Identify controls and recommended safeguards to reduce the risk presented by each threat / vulnerability pair
- Determine the residual risk level once the recommended safeguard is implemented
- Examine the likelihood of occurrence of the threat exploiting the vulnerability and the impact severity factors in categories of Confidentiality, Integrity and Availability