Redhawk Network Security Risk Assessments Provide Compliance Assurance
Risk assessments are not only important but are required. If you need to be compliant with industry standards and federal regulations—including HIPAA, PCI DSS, NIST 800-171, the Gramm-Leach-Bliley Act (GLBA), Federal Financial Institutions Examination Council (FFIEC), Federal Deposit Insurance Corporation (FDIC), or National Credit Union Administration (NCUA)—you need to conduct a risk assessment. The risk assessment is the best way to assess your company’s risks, identify your vulnerabilities, and determine how exposed your data is.
Redhawk Network Security Risk Assessments identify the hazards and risk factors that could cause harm, analyze them, and determine the best course of action to mitigate the risk. Our risk assessment process will:
- Gather data regarding your information and technology assets.
- Determine threats to assets, vulnerabilities, existing security controls and processes, and current security standards and requirements.
- Analyze the probability and impact associated with the known threats and vulnerabilities.
- Prioritize the risks to determine the appropriate level of training and controls necessary for mitigation.
Redhawk Network Security risk assessments can:
Define Key Concepts and Information Flows, including:
- Information Asset Definition(s)
- Impact Area—Creating an Impact Criteria Matrix
- Defining and producing Information Asset Flow Diagram(s)
Define Threats and Vulnerabilities
- Technical - Deliberate
- Technical - Inadvertent
- Technical - Failure
- Physical Security
- Social Engineering
- Disaster Events
Conduct an Initial Risk Assessment, including the Probability Groups:
- Human - Deliberate
- Human - Inadvertent
- Technical Failure
- Disaster (Natural and Man-Made)
Develop Control Recommendations. Finding the Most Effective Methods for:
- Decreasing the probability of a Threat Scenario occurring
- Decreasing the impact that can be caused by a Threat Scenario
- Decreasing the time and privacy available to Threat Sources at key points
- Enhancing Incident Response capabilities
- Enhancing Business Continuity and Disaster Recovery capabilities
Conduct a Residual Risk Assessment. Using the Above Information to Develop:
- A finalized list of threat-vulnerability pairs for each Risk Category complete with residual impact values by Impact Area, residual Impact Scores, residual probability values, and residual risk values
- A list of Risk Categories with initial consolidated risk values
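The scoring steps outlined above (probability groups, an impact criteria matrix per Impact Area, control recommendations, and residual risk per threat-vulnerability pair and per Risk Category) can be made concrete with a small model. The following is an added example, not Redhawk's own tooling or worksheet: it assumes a 1 to 5 scale for both probability and impact, takes the worst Impact Area as the Impact Score, computes risk as probability times impact, applies recommended controls as reductions to probability and impact, and consolidates each Risk Category to its highest residual pair. The pairs, controls, and values are constructed for illustration.

```python
"""Toy risk-scoring model for threat-vulnerability pairs (constructed example)."""
from dataclasses import dataclass, field, replace
from typing import Dict, FrozenSet, List, Tuple

# Impact Areas of the impact criteria matrix and the probability groups
# named on the page; the 1..5 scale is an assumption of this example.
IMPACT_AREAS = ("confidentiality", "integrity", "availability", "compliance")
PROBABILITY_GROUPS = ("human-deliberate", "human-inadvertent",
                      "technical-failure", "disaster")
SCALE_MIN, SCALE_MAX = 1, 5


def clamp(value: int) -> int:
    """Keep a score inside the 1..5 scale after applying control reductions."""
    return max(SCALE_MIN, min(SCALE_MAX, value))


@dataclass(frozen=True)
class ThreatVulnPair:
    name: str                 # threat-vulnerability pair
    category: str             # Risk Category (here: the information asset)
    probability_group: str    # one of PROBABILITY_GROUPS
    probability: int          # 1 (rare) .. 5 (almost certain)
    impact: Dict[str, int]    # Impact Area -> 1..5 from the impact criteria matrix

    def __post_init__(self) -> None:
        if self.probability_group not in PROBABILITY_GROUPS:
            raise ValueError(f"unknown probability group: {self.probability_group}")
        if set(self.impact) != set(IMPACT_AREAS):
            raise ValueError("impact must score every Impact Area exactly once")
        for value in (self.probability, *self.impact.values()):
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"score {value} outside {SCALE_MIN}..{SCALE_MAX}")


@dataclass(frozen=True)
class Control:
    name: str
    applies_to: FrozenSet[str]                     # pair names the control addresses
    probability_reduction: int = 0                 # lowers likelihood of the scenario
    impact_reduction: Dict[str, int] = field(default_factory=dict)  # lowers harm per area


def impact_score(impact: Dict[str, int]) -> int:
    """Worst-case rule: the Impact Score is the highest Impact Area value."""
    return max(impact[area] for area in IMPACT_AREAS)


def risk_value(pair: ThreatVulnPair) -> int:
    return pair.probability * impact_score(pair.impact)


def apply_controls(pair: ThreatVulnPair, controls: List[Control]) -> ThreatVulnPair:
    """Return the residual pair after every applicable control is applied."""
    probability = pair.probability
    impact = dict(pair.impact)
    for control in controls:
        if pair.name not in control.applies_to:
            continue
        probability -= control.probability_reduction
        for area, reduction in control.impact_reduction.items():
            impact[area] -= reduction
    return replace(pair, probability=clamp(probability),
                   impact={area: clamp(v) for area, v in impact.items()})


def prioritize(pairs: List[ThreatVulnPair]) -> List[Tuple[str, int]]:
    """Highest risk first, so mitigation effort goes where exposure is greatest."""
    return sorted(((p.name, risk_value(p)) for p in pairs), key=lambda t: -t[1])


def consolidate_by_category(pairs: List[ThreatVulnPair]) -> Dict[str, int]:
    """Consolidated risk per Risk Category: the highest pair within the category."""
    consolidated: Dict[str, int] = {}
    for pair in pairs:
        consolidated[pair.category] = max(consolidated.get(pair.category, 0), risk_value(pair))
    return consolidated


# Constructed sample assessment (not real client data).
PAIRS = [
    ThreatVulnPair("phishing leads to credential theft", "customer PII database",
                   "human-deliberate", 4,
                   {"confidentiality": 5, "integrity": 3, "availability": 2, "compliance": 5}),
    ThreatVulnPair("unpatched web server crashes under load", "online banking portal",
                   "technical-failure", 3,
                   {"confidentiality": 1, "integrity": 2, "availability": 4, "compliance": 2}),
    ThreatVulnPair("flood at primary data center", "online banking portal",
                   "disaster", 1,
                   {"confidentiality": 1, "integrity": 1, "availability": 5, "compliance": 2}),
]
CONTROLS = [
    Control("MFA plus phishing awareness training",
            frozenset({"phishing leads to credential theft"}), probability_reduction=2),
    Control("patch management and capacity monitoring",
            frozenset({"unpatched web server crashes under load"}),
            probability_reduction=1, impact_reduction={"availability": 1}),
]


def residual_pairs() -> List[ThreatVulnPair]:
    return [apply_controls(pair, CONTROLS) for pair in PAIRS]


if __name__ == "__main__":
    print("initial:", prioritize(PAIRS), consolidate_by_category(PAIRS))
    print("residual:", prioritize(residual_pairs()), consolidate_by_category(residual_pairs()))
```

The worst-area rule for the Impact Score and the max-per-category consolidation are deliberate choices: summing areas or averaging pairs would let several low-harm scenarios mask one that alone breaches a compliance obligation. Any organization adopting a model like this should pin the scale, the aggregation rule, and each control's claimed reductions in writing, since those are the assumptions an auditor will ask to see justified.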
At Redhawk Network Security, we are not just about “checking the boxes.” We partner with you to help you understand your risks. We offer comprehensive recommendations, support, and services based on best practices—and provide you with a complete risk analysis and data flow map. Conducting ongoing risk assessments can help you:
- Identify weaknesses in policies, procedures, and information systems
- Identify vulnerabilities for mitigation to help prevent data loss and data breaches
- Meet your compliance requirements
Redhawk Security Cycle:
Assess, Decide, Address, Evolve, Test, Repeat
Our well-executed security cycle provides companies with a risk management-based methodology for integrating security assessment and auditing. The assessment structure is key to a well-functioning information security program.
The cycle involves evolving and testing programs, including penetration testing, network scanning, and physical inspection of the actual implemented systems and controls. These audits and assessments will feed back into the program and provide you with the ability to make adjustments.