More and more information about customers, citizens and businesses is been collected. Should this information fall into the wrong hands could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.
Information security means protecting information and information systems fromÂ unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Our information security experts help organizations and government to identify point of failure in an organization's IT security and provide solutions to mitigate the associated risk.
Our risk management assessment applies the following process to identify risks:
- Identification of assets and estimating their value. Include: people, buildings, hardware, software, data (electronic, print, other), supplies.
- Conduct a threat assessment. Include: Acts of nature, acts of war, accidents, malicious acts originating from inside or outside the organization.
- Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security.
- Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis.
- Identify, select and implement appropriate controls. Provide a proportional response. Consider productivity, cost effectiveness, and value of the asset.
- Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost effective protection without discernible loss of productivity.