Risk Assessment & Frameworks
CPT partners with Infosec to deliver risk management services. CPT’s approach encompasses three phases: Risk Analysis; Risk Mitigation; and Risk Monitoring.
Our engagements utilise a structured series of workshops at each of these phases:
- We develop a mix of IT and Business Risks, focusing on Confidentiality, Integrity and Availability threats to Information Security assets, and present them in a matrix
- Our mitigation options are broad, including selections from: Crisis Management; Avoidance; Deterrence; Prevention; Detection; Classification and Handling rules; Recovering; Insuring; Recruiting; Training; Assisting; Dismissing; Whistle-blowing; and/or Accepting; in mixes selected and agreed by the workshop participants for each cell in the matrix
The end result is that the IT and Business workshop participants develop ownership of the risks and commitment to their controls. “Ownership” comes from defining the Annual Risk Exposure and results in a boost for Corporate Culture. This is shown in the way that staff and management embrace security as “a new way of being” and this is evident across the organisation.