IT Security Risk Management Process

  • Overall security review. This requires a combination of two approaches:
    • Security expert interviews & inspections
    • Network risk assessment tools
  • Risk Analysis
  • Selection and analysis of solutions
    • Solutions may include: configuration changes, products, documentation, policies, procedures, guidelines, training, reporting
  • Discussion with management, implementation
  • Reporting
  • Ongoing monitoring and adjustment (monthly, quarterly, annual)

Since the corporate infrastructure is continually changing, periodic reassessment of external vulnerabilities is necessary to ensure that new vulnerabilities have not been exposed.

Expert Interviews & Inspections

Expert interviews include discussions with key business and IT staff to better understand the company's plans, goals, policies, processes, issues, and infrastructure. This information is combined with the internal and external network tests to put together a complete picture of an appropriate security plan.

Network Vulnerability Assessment Tools

The goal of conducting a vulnerability assessment is to identify devices in your network that are open to known vulnerabilities. If not sufficiently secured, they can expose your company's data or your customers' data to theft, corruption, or destruction. These at-risk devices include perimeter devices such as firewalls, IPS, routers and security appliances; Web, application and file servers; client PCs; and wireless devices.

Network assessment tools include the following, which assess risks, current vulnerabilities and current breach activity:

  • Internet Vulnerability Assessment - External
    • Non-destructive tests that look for known vulnerabilities without performing any network requests that could damage your IT network systems if exploitable vulnerabilities are present
    • Perimeter security systems (e.g., firewalls)
    • Perimeter network devices (e.g., routers)
    • Extranets
    • E-Commerce Assets
  • Corporate Vulnerability Assessment - Internal
    • Internal networks
    • Internal assets
    • Asset inventory
    • Remote access servers
  • Network Monitoring
    • Monitor network/internet traffic to determine potential breaches or risk

Call EVDA Group today to discuss how we can help you with your security project. We can implement your custom project or undertake a complete security risk management project depending on your company's needs.