Following the Risk Analysis performed using the data from the Information Flow Analysis, individual areas of risk identified in the Risk Analysis are assessed as necessary in order to understand the details of any risks and how they may be best mitigated. While the Risk Analysis provides the big-picture view, Risk Assessment zooms in on the individual systems to ensure the details are considered adequately.
In some cases, the Risk Assessment is a heavily technical task, involving reviews of systems, networks, configurations, and procedures. In some situations, clients of Lewis Creek Systems perform the specific system risk assessments and institute the necessary remediation themselves, or work within an existing technical consultant relationship.
In other cases, Lewis Creek Systems provides the technical services necessary to complete the Risk Assessment. We are happy to provide technical experts or work with your existing technical personnel, whichever is your preference.
The results of the Risk Assessment serve to direct your steps toward compliance and become part of the foundation of documentation that ensures your having a complete Integrated Information Security Management Process and good compliance with applicable regulations and standards.
Risk Analysis and Risk Assessment provide key information as part of a complete Compliance Assessment, as well as provide input to your Policy Review and Development process.
Find out more about the Integrated Information Security Management Process
Go to the Services Overview