Risk Management

Put teeth into your Risk Management Program

A Risk Management Program is a tool for your management team. Its objective is to identify actions to implement cost-effective controls to protect your company's information assets, and to monitor the ongoing performance of these controls.

You select the standard, either NIST 800-37 (RMF) or ISO 27005.

  • We craft a policy for you to cover:

      • The risk management process

      • Categorization of risk

      • Selection of risk treatments for each risk

      • Specification of risk tolerance

      • Requirements for risk acceptance

  • We perform a semi-quantitative risk assessment with you to build your Plans of Actions and Milestones (POAM) and Incident Response Plans.

  • Periodically, effectiveness of risk treatments is assessed and any corrections identified.