We help enterprises manage their risks by providing initial risk assessments and decision processes, by creating documentation and standard mitigation packages, and by training internal risk management staff to perform the risk management processes we help to put in place. In select cases we also act as an external risk assessment team during periods when additional staff is needed or to help start up new programs.
We use an enterprise risk assessment methodology based on COSO and ISO standards as the baseline for creating a risk assessment, management, and remediation approach customized to the client. This includes:
Processes to help determine whether each risk should be transferred, accepted (and for what time frame), avoided, or mitigated (and to what level).
Processes to bring together the stakeholders and risk assessment professionals in making reasonable and prudent decisions.
Processes to assure that enterprise-wide coverage is reached to the desired level of consequence without wasting time on systems that don't warrant in-depth assessments.
We have a large collection of internal processes, documentation, and technology that we customize to each enterprise to help them build their internal risk management practice. This activity includes but is not limited to:
Creating inventory support systems and forms to help collect, retain, and analyze risk-related data.
Creating standard risk remediation plans for risk levels and content types to support reduced effort for effective controls.
Creating workflows to assure that the process becomes normalized and standardized and that it operates over time as an ongoing and effective business process.
The following papers from our library provide some interesting related information:
The "Managing Network Security" series has many relevant articles.
Business modeling for risk management - recent presentation slides
For more information or for a quote, contact fc at All dot Net