Risk Management
Put teeth into your Risk Management Program
A Risk Management Program is a tool for your management team. Its objective is to identify actions to implement cost-effective controls to protect your company's information assets, and to monitor the ongoing performance of these controls.
You select the standard, either NIST 800-37 (RMF) or ISO 27005.
We craft a policy for you to cover:
The risk management process
Categorization of risk
Selection of risk treatments for each risk
Specification of risk tolerance
Requirements for risk acceptance
We perform a semi-quantitative risk assessment with you to build your Plans of Actions and Milestones (POAM) and Incident Response Plans.
Periodically, effectiveness of risk treatments is assessed and any corrections identified.