Risk Assessments

A CipherTechs Risk Assessment is a highly prioritized assessment of an organization’s current security stance.

Using field-tested methodologies, we help clients identify existing and emerging potential security risks, specifically targeting those that pose the greatest threat to core business goals. The CipherTechs Express Risk Assessment (ERA) is designed as a “quick-hit” service, providing an expedited summarization of shortcomings in a company’s defenses. It can stand alone as a high-level discovery exercise or can serve as a point of departure for a more comprehensive Vulnerability Assessment that examines security control failures in depth. The ERA can be performed against industry standards, internal IT controls, or industry regulations.

Who’s it for

Before organizations decide where to invest IT security resources, it is essential that they have at least a basic idea of their overall cyber risk profile. CipherTechs’ Cyber Security Risk Assessments are designed to provide concrete points of reference in a very short timeframe. Companies with an immediate information need, whether to determine budgetary priorities or to fill knowledge gaps, are therefore the best candidates for this service offering. Given the expedited approach implied by an ERA, this service is also most effective for small- and medium sized organizations with a need to get the most out of limited security budgets.

How is it performed

In a CipherTechs Cyber Security Risk Assessment, CipherTechs’ auditors conduct a series of interviews with the client personnel in charge of IT Operations and Cyber Security. If necessary, multiple stakeholders are brought together in a single session for facilitated discussions of security risks and their specific potential impact on company business.

Our auditors initiate the risk assessment exercise by creating a list of organizational security objectives and then link these objectives to potential risks; classifying them according to likelihood and potential monetary impact. CipherTechs can also review current client security solutions to identify the effectiveness of existing controls. The condensed company risk profile developed from these interviews and reviews has a variety of applications, especially in terms of prioritizing security control enhancements and implementations.