IT Risk Management
One of the most important aspects of any security engagement is the execution of a thorough risk assessment.
Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions. This process is not unique to the IT environment; indeed it pervades decision-making in all areas of our daily lives
One of the most important aspects of any security engagement is the execution of a thorough risk assessment. Cognosec’s best-in-class risk services are rooted in highly recognized frameworks such as the COSO, COBIT 5, ISO, and NIST, as well as industry best-practices. Procuring a risk assessment with allow an organization to make appropriate, risk-adjusted decisions working towards the achievement of their organizational objectives and the satiation of their stakeholders.
The NIST risk assessment methodology encompasses nine primary steps: Step 1 System Characterization Step 2 Threat Identification Step 3 Vulnerability Identification Step 4 Control Analysis Step 5 Likelihood Determination Step 6 Impact Analysis Step 7 Risk Determination Step 8 Control Recommendations Step 9 Results Documentation