Enterprise Risk Assessment

Service Description

The enterprise risk assessment is a top-down analysis of an organization’s security posture. Leveraging vulnerability data and security information gathered through other assessment components, along with data collected through targeted questionnaires and interviews, CAG performs a quantitative and qualitative risk analysis to determine the top threats to information security, the biggest vulnerabilities, and the largest opportunities for risk reduction through cost-benefit analysis. 

Our Methodology

CAG uses a unique risk evaluation model that provides the basis for a report describing key assets, threats and vulnerabilities, and recommendations for risk mitigation. The model can be used for scenario planning and to revalidate the organization’s security posture following risk mitigation activities. The enterprise risk assessment adds an important strategic level of analysis to security planning and helps to align security goals with overall organizational objectives. This global context is lacking in most of our competitors’ offerings.

As the baseline of our Information Security Risk Assessment we use the National Institute of Standards and Technology (NIST) Cybersecurity Framework, in addition to any other frameworks or compliance standards relevant to the business (e.g. industry-specific standards, PCI, GLBA, HIPAA).

Scope: CAG will typically conduct up to three interviews for this analysis.  

Our Deliverables

In addition to the usual status updates and meetings, CAG will deliver written drafts of the following material:
  • Enterprise Cyber Risk Assessment for Executive Leadership