Regulatory Information Security Compliance (R.I.S.C.) Associates

assess...educate...advise

Risk Assessment:
hub of the info security program

It is the examiners' expectation that a risk assessment will result in "A written document and process that should be established based upon the results of the risk assessment". Thus, a RISK ASSESSMENT should drive all components of your information security program.

Risk is nothing new to financial institutions. It's the basis for banking and it's healthy if managed properly. Sensitive information has become more valuable than money. And it's everywhere...inside the institution and at your vendors. It's on hardcopy and softcopy. It's online and in transit during transactions. Thus, assessing your risk must span the enterprise and account for the other places that sensitive information travels to.


And it's not just about IT systems; risk must take into consideration information-centric processes such as Vendor Management, DR/BCP, Incident Response, Board Involvement, and a number of other processes that pose risk to protecting sensitive information.


R.I.S.C. Associates understands what examiners are looking for and conducts an enterprise-wide information security risk assessment that focuses on key processes as well as critical systems and applications that place NPPI (non-public personal information) at risk. The result is a view of the institution's process and systems exposure with accompanying recommendations as to how to mitigate that risk. Let R.I.S.C. show you where the issues are before the examiners do.

copyright (c) 2008-2011 RISC CORP.