Redhawk Risk Assessments Provide Compliance Assurance
Risk assessments are not only important but are required. If you need to be compliant with industry standards and federal regulations—including HIPAA, PCI DSS, NIST 800-171, the Gramm-Leach-Bliley Act (GLBA), Federal Financial Institutions Examination Council (FFIEC), Federal Deposit Insurance Corporation (FDIC), or National Credit Union Administration (NCUA)—you need to conduct a risk assessment. The risk assessment is the best way to assess your company’s risks, identify your vulnerabilities, and determine how exposed your data is.
Redhawk Network Security can help you identify your hazards and risk factors that could cause harm, analyze them, and determine the best course of action to mediate the risk. Our risk assessment process will:
Gather data regarding your information and technology assets.
Determine threats to assets, vulnerabilities, existing security controls and processes, and current security standards and requirements.
Analyze the probability and impact associated with the known threats and vulnerabilities.
Prioritize the risks to determine the appropriate level of training and controls necessary for mitigation.
Redhawk Risk Assessments can:
Define key concepts and information flows, including:
Information Asset Definition(s)
Impact Area—Creating an Impact Criteria Matrix
Defining and producing Information Asset Flow Diagram(s)
Define threats and vulnerabilities:
Technical - Deliberate
Technical - Inadvertent
Technical - Failure
Conduct an initial Risk Assessment, including the probability groups:
Human - Deliberate
Human - Inadvertent
Disaster (Natural and Man-Made)
Develop control recommendations. Finding the most effective methods for:
Decreasing the probability of a Threat Scenario occurring
Decreasing the impact that can be caused by a Threat Scenario
Decreasing the time and privacy available to Threat Sources at key points
Enhancing Incident Response capabilities
Enhancing Business Continuity and Disaster Recovery capabilities
Conduct a residual Risk Assessment. Using the above information to develop:
A finalized list of threat-vulnerability pairs for each Risk Category complete with residual impact values by Impact Area, residual Impact Scores, residual probability values, and residual risk values
A list of Risk Categories with initial consolidated risk values
At Redhawk Network Security, we are not just about “checking the boxes.” We partner with you to help you understand your risks. We offer comprehensive recommendations, support, and services based on best practices—and provide you with a complete risk analysis and data flow map. Conducting ongoing risk assessments can help you:
Identify weaknesses in policies, procedures, and information systems
Identify vulnerabilities for mitigation to help prevent data loss and data breaches
Help you meet compliance
Redhawk Security Cycle:
Assess, Decide, Address, Evolve, Test, Repeat
Our well-executed security cycle provides companies with a risk management-based methodology for integrating security assessment and auditing. The assessment structure is key to a well-functioning information security program.
The cycle involves evolving and testing programs, including penetration testing, network scanning, and physical inspection of the actual implemented systems and controls. These audits and assessments will feed back into the program and provide you with the ability to make adjustments.