Establishing a Risk Profile
Risk services are those consulting and integration services that align IT’s processes and technologies to the organization’s risk profile.
The first step in risk services is identifying and documenting the risk profile itself. Most often, this includes facilitated discussions with IT leadership and executive management, Compliance, Audit, and Risk business units.
Once risk tolerance is identified, then policy, processes, and procedures can be modified or established to guide behaviors and systems towards compliance.
Lastly, vulnerability assessments, at the network, systems and applications layers ensure ongoing effectiveness in context with a vibrant threat environment.