Information Risk Assessment

Our risk assessment approach consists of:

  • Gap analysis vis-à-vis ISO 27001/ ISO 20000/ Organization Policies/ Good practices/ COSO/ COBIT
  • Vulnerability Assessment
  • Penetration Testing
  • Application Testing
  • Access Control and Segregation of Duties Review
  • Infrastructure Security Review
  • Group Policy/ Active Directory, IDS/ IPS, Firewall, Anti Virus/ Anti Spam/ Malware, Endpoint etc. review
  • Mapping the vulnerabilities identified to threats and defining the Probability of Occurrence
  • Identify Risk Exposure
  • Risk can be assessed qualitatively OR quantitatively (using financial metrics)