NUK 9 Information Security Auditors LLP
Governance | Risk | Compliance | Security | Coaching
Destination for all InfoSec Compliances
Information Security Risk Assessment Services (ISRAs)
Risk management is an element of managerial science concerned with the identification, measurement, control, and minimization of uncertain events. An effective risk management program encompasses the following four phases:
- Risk assessment, as derived from an evaluation of threats and vulnerabilities.
- Management decision.
- Control implementation.
- Effectiveness review.
Some organizations have, and many others should have, a comprehensive Enterprise Risk Management (ERM) program in place. The four categories of objectives addressed are:
- Strategy - high-level goals, aligned with and supporting the organization's mission
- Operations - effective and efficient use of resources
- Financial Reporting - reliability of operational and financial reporting
- Compliance - compliance with applicable laws and regulations
We specialize in an effective model of Information Risk:
- Identification;
- Assessment;
- Mitigation & Treatment Controls; and
- Overall Continual Improvement to ensure required organizational, statutory, legal and contractual obligations are attained
Our approach covers Risk Assessment Frameworks based on ISO 27005, COSO, COBIT, ISO 31000 and NIST SP 800-30.
Our extensive experience of approximately 10+ years in the field of Information Security Risk Management covers every nook and corner of Information Systems, Technologies, Processes and People.
Our Information Risk Assessment Practices arena includes:
- Information Security Risk Assessment (ISRA)
- Data Privacy Risk Assessment (DPRA)
- Enterprise Risk Management (ERM)
- Functions & Processes Risk Assessment (FPRA)
- Physical Security Risk Assessment (PSRA)