• What is your biggest security concern, and is your security spend
    and expertise properly allocated to address that risk?

    How confident are you of your ability to demonstrate compliance?

    How realistic is your plan to address the security gaps
    that you might have today?
  • Do you have a clear picture of your overall security posture and
    of how it relates to industry best practices?

    Did you know that third parties with trusted access were responsible
    for 41% of the detected security incidents at financial services organizations?

    Have you ever thought about the security risk posture of your organization?

Risk Assessments

Risk assessment is the cornerstone of a comprehensive and legally compliant safety management system, and at Defenseroot we pride ourselves on providing practical, quality and legally compliant solutions to our clients. Moving beyond the traditional vulnerability assessment, our Risk Assessment Services help you identify and mitigate the risk to your virtual infrastructure by reviewing the people, process and technology surrounding the targeted infrastructure. This review pinpoints vulnerabilities and gaps against industry-accepted best practices in the architecture, configuration, and ongoing management of corporate assets.

Our risk assessment process consists of:


Our approach starts with defining the risk, which serves as the measure against which business risks are compared. From this comparison, management determines whether business risks are acceptable and the criteria for rating the risks.

Along with the managers, we walk through each business function to understand and document the data flow within the business process.

Based on the interviews and walk-throughs, we prepare a Risk Register that documents the risks within a process. We identify the impact of each risk to the organization and the likelihood of its occurrence, and calculate the Risk Severity.

  • Logging
  • User Authentication
  • Input Validation, etc.

While evaluating the risks, we also identify and document the important internal controls that are in place and functioning in each process. The documentation also describes which controls should be in place to safeguard assets but are not, as well as which controls are in place but do not appear to be functioning properly.

We summarize the control weaknesses by process. For each weakness, we assess the degree of risk and whether management is willing to accept the risk. The degree of risk will be measured by both the likelihood of occurrence and the magnitude of impact.

All risks that management is willing to accept will be removed from further consideration at that time. The risks that management is not willing to accept will be sorted by level of risk (high, medium, or low) and by whether the relevant controls need additional investment or just tweaks to the existing technology. Management analyzes the types of risks within each level to determine whether there are any pervasive weaknesses of a particular control type.

Our team will prepare an executive summary for senior management. The summary restates the client's mission and objectives, summarizes the results of the risk assessment, and draws conclusions about the effect of the results on the client's ability to carry out its mission and objectives. This report is used to support the client's requests for further resources to strengthen controls or to institute additional controls that would facilitate achievement of the organization's mission objectives.

After the risk-assessment results have been reported, management is expected to institute new controls or strengthen existing controls to reduce unacceptable risks. Management holds itself responsible for accomplishing these actions by incorporating them into its annual performance plans or goals. It then measures its own performance regularly to ensure the actions are taken and control effectiveness is improved.