Risk/Assessment Services
The importance of performing regular assessments grows every day. Before, it was important to check systems for vulnerabilities in order to prevent business disruption, but the landscape is changing. Regulations are being applied to industries to protect information as well as to create accountability when failing to do so. Although regular internal vulnerability testing is critical in keeping your network secure, there comes a time when an outside set of eyes becomes necessary to validate your findings. Caspian provides several different security assessments suited to providing just that.
Solution Offerings
External Network Review - a highly cost-effective review of your externally accessible IP addresses by a team of consultants utilizing a variety of tools.
Internal Network Review - a highly cost-effective review of your systems (servers, desktops, switches, routers, firewalls, etc.) by a team of consultants utilizing a variety of tools.
Comprehensive Network Review - this review covers both the internal and external reviews above, but also provides additional areas of investigation (partial list below):
- Security policy review
- Access Control
- Physical security
- Intrusion Detection
- Dial-up/Remote access
- Social Engineering
- Backup/recovery
- Patch Management
- Device Configuration Review
- Wireless
Regulatory Compliance Security Assessments - Security Assessments focused on providing Gap Analysis and best practices for regulatory compliance Acts like:
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Sarbanes-Oxley Act
- VISA CISP
Disaster Recovery/Risk Management
In today's atmosphere of global uncertainty, many of our clients ask us for support and advice to identify and mitigate the risks of corporate IT in relation to Business Continuity. Whether attackers compromise corporate email systems, or breach data privacy laws, many clients do not properly prepare. We often find the scope of our involvement grows to address their business needs as well as the technical aspects of the work. Our unique service uses the wealth of technical knowledge within Caspian Technology Concepts to offer informed recommendations.
By providing comprehensive and integrated risk assessment and management services, Caspian Technology Concepts helps clients to view risk as part of an active strategic approach towards realizing their goals.
The objective of performing risk management is to enable the organization to accomplish its mission(s) by:
- Better securing the IT systems that store, process, or transmit organizational information;
- Enabling management to make well-informed risk management decisions to justify the expenditures that are part of an IT budget;
- Assisting management in authorizing (or accrediting) the IT systems on the basis of the supporting documentation resulting from the performance of risk management.
Our methodology for Risk Management services encompasses three processes:
- Risk assessment
- Risk mitigation
- Evaluation and assessment
I - RISK ASSESSMENT
Risk assessment is the first of three processes in Caspian Technology Concepts' risk management methodology. Caspian Technology Concepts uses risk assessments to determine the extent of the potential threat and the risk associated with an IT system. The output of this process helps to identify appropriate controls for reducing or eliminating risk during the risk mitigation process.
Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.
To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system. Impact refers to the magnitude of harm that could be caused by a threat's exercise of a vulnerability. The level of impact is governed by the potential mission impacts and in turn produces a relative value for the IT assets and resources affected (e.g., the criticality and sensitivity of the IT system components and data). The risk assessment methodology encompasses nine primary steps:
Step 1 System Characterization
Step 2 Threat Identification
Step 3 Vulnerability Identification
Step 4 Control Analysis
Step 5 Likelihood Determination
Step 6 Impact Analysis
Step 7 Risk Determination
Step 8 Control Recommendations
Step 9 Results Documentation
II - RISK MITIGATION
Risk mitigation, the second process of risk management, involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process.
Because the elimination of all risk is usually impractical or close to impossible, it is the responsibility of senior management and functional and business managers to use the least-cost approach and implement the most appropriate controls to decrease mission risk to an acceptable level, with minimal adverse impact on the organization's resources and mission.
III - EVALUATION AND ASSESSMENT
In most organizations, the network itself will continually be expanded and updated, its components changed, and its software applications replaced or updated with newer versions. In addition, personnel changes will occur and security policies are likely to change over time. These changes mean that new risks will surface and risks previously mitigated may again become a concern. Thus, the risk management process is ongoing and evolving.