Identifying and Addressing Risk


Risk assessments are an essential part of measuring the broad spectrum of an organization’s risks, including IT, security, personnel, and policy risk. Risk assessments are often performed as a compliance requirement; they provide a valuable window into areas for improvement and help reduce material risk to the organization.

A Defined Comparison:

Risk Assessments vs. Vulnerability Assessments

The term risk assessment is often used in a broad sense, and differs slightly depending on the industry. We define Risk Assessment as a detailed risk analysis and prioritization process evaluating Technical, Administrative, and Organizational controls. 

This process has historically relied on spreadsheets; we instead use software-based questionnaires and organizational tools to assist in gathering evidence and information from key stakeholders. Compliance may dictate the controls and frameworks that need to be used to properly assess risk, and we have practices in place to address these requirements.

The most effective risk assessments include a Vulnerability Assessment, which is a specific scan to identify and prioritize technical vulnerabilities in computer systems, software applications, and network infrastructure.

Reporting

The assessment deliverables are compiled into several reports, including an executive summary, which focuses on the concept of risk mitigation and prioritization and leaves out much of the granular technical detail. Additionally, an exhaustive scan report of your environment is provided to the IT team, returning specifics on vulnerabilities. This report assists in creating an actionable roadmap and prioritizes remediation recommendations.

Above is an example of a vulnerability report generated by FirmGuardian’s risk management team.


Vulnerability Remediation and Risk Mitigation

FirmGuardian provides a platform to assist customers in remediating risks and vulnerabilities. Gone are the days when a report is the final deliverable in closing out a project. We know all too well that a report delivered to a client, with no assistance in organizing the remediation efforts, is not one that often succeeds. Our portal provides an ongoing communication channel to remedy identified risk, communicate new discoveries, and provide a task list for IT teams to create measurable goals.