Please consider updating your browser. Some parts of the website may not function as intended.
Identify, minimise & manage the threats to your business’ information assets
Request a QuoteThe Risk Crew Information Security Threat & Risk Assessment Service methodology provides a comprehensive and systematic approach to identify, minimise and manage threats to your information assets.
Before conducting the assessment, Risk Crew shall interview your key business stakeholders to identify the specific information assets needed to achieve business objectives. The assets are then categorised based on their value and criticality to the business.
READ MORE
Before conducting the assessment, Risk Crew shall interview your key business stakeholders to identify the specific information assets needed to achieve business objectives. The assets are then categorised based on their value and criticality to the business.
Risk Crew consultants then review current system documentation, GDPR/DPA workflows, hardware and data asset registers (if applicable) with stakeholders to confirm the location of these critical and sensitive information assets.
Once your information assets are identified, categorised and located, Risk Crew assess their hosting environments and associated processing operations to identify existing security threats to these assets.
READ MORE
Once your information assets are identified, categorised and located, Risk Crew assess their hosting environments and associated processing operations to identify existing security threats to these assets.
Risk Crew systematically identifies those threats that have the potential to exploit your system vulnerabilities and result in unauthorised access. A thorough inventory of the current threat landscape is considered.
Risk Crew uses a variety of industry and proprietary security threat databases on which to base our determinations to include known (manufacturer and vendor-recognised) and unknown (hacker-recognised) threats. Risk Crew considers all interconnections and interdependencies with other systems that may be present or introduce new threats to your systems.
Risk Crew assesses the devices hosting your information assets to identify technical security vulnerabilities that could be exploited to compromise these assets. Vulnerabilities may be associated with either single or multiple operational or cyber security threats.
READ MORE
Risk Crew assesses the devices hosting your information assets to identify technical security vulnerabilities that could be exploited to compromise these assets. Vulnerabilities may be associated with either single or multiple operational or cyber security threats.
Areas to be assessed include but are not limited to: network application and device build and deployment methodology, 3rd party solutions, network and workstation administration, support and management processes, change management and patching programs, incident identification and response processes, incident and anomaly investigation procedures, network disaster recovery and business continuity plans, network security auditing and testing, password management programs, and network and user security policies and procedures.
Documented system build standards and change management practices are reviewed in addition to previously conducted security testing and any audit or system deficiency reports.
As part of the assessment, Risk Crew runs vulnerability scans on the systems hosting the assets to identify associated technical vulnerabilities.
Additionally, Risk Crew utilises recent security advisories and bulletins, automated tools and technical security evaluations to identify vulnerabilities in this step.
Risk Crew determines and document the likelihood that the identified threat will exploit the identified vulnerability. The likelihood is an estimate of the frequency or the probability of such an event.
READ MORE
Risk Crew determines and document the likelihood that the identified threat will exploit the identified vulnerability. The likelihood is an estimate of the frequency or the probability of such an event.
Likelihood of occurrence is based on several factors that include system architecture, system environment, information system access and existing controls; the presence, motivation, tenacity, strength and nature of the threat; the presence of vulnerabilities; and the effectiveness of existing controls.
Risk Crew determines and document the magnitude/severity of impact on your business operations if the threat was realised and exploited the associated vulnerability.
Risk Crew’s service provides a comprehensive report that details network security vulnerabilities identified and specific actions for remediation, a courtesy workshop and on-call assistance.
The report includes an information asset register, risk treatment plan and a heat map.
READ MORE
The report includes an information asset register, risk treatment plan and a heat map. On each report deliverable:
The report is presented in a workshop with applicable business stakeholders to ensure their understanding of the findings and the risks associated with hosting the business information assets on the platform.
We provide advice and assistance for 30 days following the report submittal and answer any questions that arise from implementing remedial actions and ensuring risk reduction.
Risk Crew provides an unparalleled penetration testing solution covered by a 100% satisfaction guarantee.
Quite simply, this critical service provides answers to the fundamental questions:
All information security management starts with answers to these basic questions and benefits from the following:
An information security threat assessment provides the data on which to measure your businesses risk appetite, tolerance and capacity. It provides the framework to identify, minimise and manage the cyber threats to your business.
Our skilled and experienced risk consultants implement industry-proven risk management methodologies ensuring they can effectively identify, minimise and manage the security risks to your business assets. All our consultants are subject to full, initial (and routine ongoing) background security checks.
