Risk Assessments

Project Snapshot –

Risk assessment is the foundation upon which any IT security plan is built. The best risk assessment solutions identifies security strengths and weaknesses in a network or system. It provides a detailed review and evaluation of a company's network, allowing the development of a baseline security policy from the data collected. It also enables a company to ensure that current security standards are being met.

A risk assessment is the methodology by which an organization's assets, threats, vulnerabilities and existing safeguards are identified. Risk assessments also attempt to estimate the likelihood of exploitation of vulnerabilities and the impact and cost associated with the occurrence of the exploitation. The risk assessment also makes recommendations to mitigate the threat of the vulnerability occurring and may provide an estimated cost of implementing the recommendation as well as a cost benefit analysis of the recommendation. Risk assessments include a vulnerability assessment and can also be augmented with penetration testing to try and exploit any vulnerabilities that may have been found.

Carson Associates can conduct detailed IT security audits (physical, personnel, systems, procedures) and electronic penetration attempts to determine if security requirements are being satisfied. We use a complex range of toolsets that allow us to provide this capability to our clients, including SAINT®.

As part of this effort, Carson Associates will also identify vulnerable information technology assets and determine the estimate of loss if the asset is compromised. The resulting report prepared by Carson fully complies with National Institute for Standards and Technology (NIST) security risk assessment criteria recommendations.