We have broad experience in assessing overall cyber risk. We primarily use the NIST standards, but can also work with other frameworks such as ISO and the Cyber Security Framework.
The basic formula for assessing overall risk is: Risk = Threat * Vulnerability * Asset.
Cyber risk management, understanding and mitigating cyber risk, is the strategic process of administering the assessed risk.[1] While risk assessment focuses on identifying, quantifying, and prioritizing risks, the goal of risk management is to manage those risks across the agency. Risk management is an ongoing process consisting of multiple phases. Senior management presence and direction are strongly recommended during the risk management phase. Table 1 illustrates the major differences between risk management and risk assessment.
Once risks have been identified, they can be accepted, avoided, mitigated, or transferred. Risk acceptance means accepting the potential loss from the risk; risk avoidance, on the other hand, means eliminating the risk by not performing the activity that could carry it. An example would be not buying a program that handles electronic transactions on an unsecured port, such as port 80. Mitigating the risk would involve reducing the likelihood of the loss occurring, for example by using a secure port.
Risk can be mitigated by technical and non-technical approaches. Awareness training, for example, is considered a non-technical approach. Agencies may install firewalls (a technical approach) at their gateway to limit unauthorized users from accessing their networks. Transferring risk means sharing the burden of loss, or the benefit of gain, from a risk with another party. Buying car insurance, for example, is a form of risk transfer.
[1] http://www.academia.edu/18806314/Risk_Assessment_vs._Risk_Management

“The IT security director of a large financial services firm recently told me that they experience on average 12,000 attempted intrusions a day. He trusts a rigorous security policy and three discrete firewalls for protection because there is no way he can investigate the sources of those attacks.” John Mencer