At Vigilsense, we help you define and map the risk, develop an action plan, as well as monitor and measure
Your car seems to be performing well and can take you on the errands that you need to run. However, you haven't had this car checked in a while. You take the car for a health assessment and, on opening the bonnet, the mechanic tells you: ugh... you've got a problem, or you are going to have a problem if you don't do some things now. A brake pad is wearing thin and the engine oil is low; those are warning signs that things may go wrong down the line. The car may suddenly stop in the middle of the road.

So, how do you successfully approach an IT Risk Assessment?
Identify Business and IT Objectives: This is the utility of your car. You want to go from A to B on your errands without a hitch. Ask yourself: what does the technology (application, network, database, messaging interface) enable the business to achieve? How does the application enable the business? For example, the application may enable the organisation to provide payment services to customers. If the application stops supporting the business objectives, there would be consequences ranging from losing customers due to lack of trust to fines from industry regulators.
Identify threats to achieving the business and IT objectives: What are the current vulnerabilities or weaknesses in your application and infrastructure, and how could these be exploited in ways that would prevent the business from achieving these objectives?
Identify Controls in place: What are the processes and mechanisms you have in place to prevent or detect exploitation of these weaknesses?
Assess the effectiveness of these controls: How effective are the processes and mechanisms you have in place? Are they designed correctly? Are they operating as intended?