Risk Management contains three basic deliverables – Vulnerability Management, Site Assessment and Auditing, and Risk Reporting. Mature Risk Management for an organization includes these deliverable however an organization must accept others that a vendor cannot provide: executive sponsorship, personnel education and accountability, findings’ level of risk.
Assessment and Audits are based on standard audit techniques to determine an organization’s baseline as it relates to a pre-determined standard. This audit can be performed solely on Information Technology assets or on all aspects of a client’s organization. All audit findings are then sorted by highest risk and the least investment and remediation efforts generate “tickets” in the client’s workflow tracking product. Finally, true Risk Reporting is achieved when cyclical auditing, remediation, information security incident data and reporting is performed.