Most businesses define risk as a function of the likelihood of a threat event’s occurrence and potential adverse impact should it occur. For example, let’s take a look at the risk of electrical shock in three scenarios. First, turning on a light switch in humid weather while wearing rubber soled shoes on a wood floor is unlikely to give you an annoying static shock. On the other hand, playing with downed power lines in the rain is highly likely to cause you great harm. Finally, walking alongside the electrified third rail while wearing metal stilts is especially risky, not only because of the high potential for electrocution, but also because such an accident would cause train delays affecting thousands of people. In other words, we consider things that rarely occur and are only minimally annoying to be low risk. Conversely, things with almost inevitable, catastrophic consequences are considered high risk.
Learn about security risk analysis. Call (877) IN-SIXTY
Security risk analysis is different from a security assessment. While every company should undergo a thorough evaluation to identify weaknesses, we know that’s only the first step. During the assessment phase, we will determine your external threat landscape and look at your network’s current security configurations. Afterward, we conduct a security risk analysis. That is, we take the findings from your assessment and create a risk model to quantify the likelihood of a security breach. Of course, there are several factors that go into a risk model. Luckily, OnsiteIn60 has the security risk analysis tools you need to turn your free assessment results into meaningful data.
WHAT IS A SECURITY RISK MODEL?
Security risk analysis calculates several factors
While the analogy above is pretty bleak, your company’s security risk analysis doesn’t have to be! Of course, most companies find that simply rating risk as high, medium, or low isn’t particularly helpful. We understand that you need to focus on the bottom line. To better quantify the cost impacts of your risks, we collect your data in numerical terms, even if they are estimated ranges. For example, when we perform an initial security assessment, we may ask your network admin to provide a range of the length of time that service outages have lasted. If they can tell us that most outages have lasted between 1 hour and 8 hours, then we have hard numbers to work with. In the case of an online retailer, those outages translate directly into lost sales. Therefore, we can calculate a range of cost impacts.
We believe that IT security risk analysis services should be competent, affordable and adjusted to your business requirements. For this reason, we developed a flexible range of security risk analysis plans. Customized to fit the way you do business, our plans can help you make larger decisions about security compliance and security awareness training. Find the one that meets your unique needs and budget.