Services: Risk Analysis
Goal
Discussion and identification of vulnerabilities and potential security risks in a project in order to avoid and minimize these at an early stage.
Initial Situation
The customer is providing all available information regarding a project or a solution (e.g. concepts, handbooks, minutes). Document templates and pre-defined risk metrices might be shared additionally.
Approach
- Preparation: Definition of the goals as well as collection and discussion of the existing concept.
- Review: Review and analysis in order to determine errors and unattractive features.
- Discussion: Documentation and discussion of the identified errors and of the suggested measures.
Result
We provide the customer with a document that details the insecurities of the project. The basic discussion is provided in plain language, whereas the individual risk assessments are tabulated.
Pros and Cons
As specialists, this enables us to point out problems and issues at an early stage before they can take root within a company. This minimizes the target area immediately as well as in the long term and lays the foundation for a secure environment. Thanks to our vast experience we are able to provide comparisons with other companies and thus implement intelligent best practice standards.
Reference Example
Risk Analysis Authentication Mechanisms: A nationwide insurance company wanted to provide its employees with remote terminals. The operating and the security departments disagreed about the authentication mechanism (e.g. username/password, access card, chip card, SecurID token). We were able to support the company’s choice of an efficient, effective solution for the future through an assessment of the respective operational and technical risks.
