An information technology risk assessment tries to identify the risks, human and natural,
that an information technology asset is exposed to. These range from earthquakes,
storms, and fire to human error, fraud, disgruntled employees, and
external intrusion. In addition, an ESTec information technology risk assessment assesses
the vulnerabilities and countermeasures already in place. The examination
will then rank the threats and vulnerabilities, and identify additional
countermeasures appropriate to protect the sensitivity, criticality,
and reliability associated with the information technology asset.
To keep your expenses to a minimum and your
protection to a maximum, ESTec establishes a cost value for every
type of impact on your information technology asset. The event probability gives management
an insurance value for each type of event and each asset involved,
allowing your management to justify the expenditures for the countermeasures
for potential events and interruptions of service. That way, you
get the most bang for your buck.
Information technology risk assessment is an integral part of ISO 17799 / ISO 27001 information security management systems. ESTec can provide training for internal information technology risk assessment and risk management personnel, as well as outside information technology risk assessment services. A standards-based information security management system includes a formal risk management plan for the organization. Risks must be identified and then dealt with by countermeasures, contracted out to a third party, or in some cases accepted by the organization as part of normal business risk.
Sample Case Risk Assessment
Customer: West Coast Utility
Services: Information Technology Risk Assessment
Problem: A new client information system was to be implemented.
Management wanted a justification for the budget requests for the
Solution: An ESTec consultant worked with the IT department to develop
a detailed risk assessment for the project's assets.
Results: The company was able to control and direct expenses to
do the greatest good, and ended up saving a high percentage of the
original allocation of funding for this protection.