Enterprise Risk Assessments (ERA) - Overview
As your organization grows in size and complexity, determining the degree of exposure to information asset risks becomes more challenging. New system acquisitions, updated procedures for handling confidential information about your clients, and the ever-increasing number of attack vectors combine to make it unclear how to select and capture the information you need to identify threats and implement effective plans for addressing them. You find yourself asking questions such as: Do we need to do something at the strategic level to address our information security needs? Do we need to do something at the operational level? Which systems and processes are most critical to the organization's mission? What is our real exposure, and how do we address it?
An Enterprise Risk Assessment (ERA) helps you address and, more importantly, answer these questions and more. By employing a formal methodology such as the National Institute of Standards and Technology (NIST) approach or the OCTAVE™ Risk Assessment Methodology used by Digital Defense, you obtain a holistic, organization-wide view of critical information assets and their associated threat profiles. You can then use this view to craft and implement a solid "roadmap" for addressing key issues, prioritized according to the specific needs of your organization.
Digital Defense currently offers four forms of ERA, two of which are onsite and two of which are self-paced. For the ERA onsite options, Turnkey and Corporate, an OCTAVE-trained network security analyst will travel to your site to perform the risk assessment on a dedicated basis. We offer the ERA Turnkey on a three-day engagement basis and the ERA Corporate on a five-day engagement basis.
The ERA self-paced options, Webinar and Expert, use a web conferencing solution that is also led by OCTAVE-trained network security analysts, but the analyst's time is shared among more than one client. The purpose of the ERA Webinar and ERA Expert is to extend the benefits of an ERA onsite solution to a greater number of clients by making it more affordable through a conferencing option. The ERA Expert takes the ERA Webinar solution one step further: a network security analyst reviews your data and delivers a detailed outbrief.
Since the management of risk and the remediation of vulnerabilities are ever-changing, equipping senior managers with tools that can be used in the years to come is both vital to the long-term stability of the enterprise and a prudent investment decision. The ultimate goal of the ERA onsite and ERA webinar options is to empower senior managers to evaluate risk within their organizations on an ongoing basis.
Benefits
The Information Security Policy Handbook is essential for customers who have no, limited, or dated security policies in place, especially organizations required by law to maintain a documented set of comprehensive information security policies. It is also effective for organizations that already have information security policies in place but wish to augment existing content with industry best practices and regulatory requirements. Our Information Security Policy Handbook service provides:
- Identification of all critical information assets, regardless of business-line owner or location.
- Threat profiles generated from a variety of factors, such as type of access, source of attack (internal or external), and the potential motive for an attack.
- A definition of potential risk exposure in non-technical, easily understood terms such as reputation, financial or productivity loss, fines, etc.
- Identification of the key actions that need to be taken at the strategic as well as the operational level to address identified risks.
- A formal plan that empowers you and your organization to make sound business decisions about whether to accept, defer, transfer, or mitigate the risks that your Assessment identifies and defines.
The ERA onsite and ERA self-paced programs enable you to manage the growing risks associated with information technology just as you would handle other common business transactions, such as underwriting a loan or hiring a new employee. They provide the due diligence your organization needs to make prudent risk-related decisions.
Results
ERA Turnkey and Corporate
Stage 1: You will use workbooks and documents developed by the Software Engineering Institute at Carnegie Mellon University to conduct system identification and risk evaluation. These documents are a key part of a formal Risk Assessment Methodology, ensuring consistent results regardless of industry or company size.
Stage 2: The analyst will use the information captured during the interactive sessions to develop a formal report that outlines key findings and next steps for the organization.
ERA Webinar and Expert
Each ERA webinar includes material that facilitates knowledge transfer between the webinar instructor and the participant. Items such as keyword and process definitions, worksheets, workflow diagrams, and process roadmaps are included in the OCTAVE-specific webinars.
Digital Defense will also make available, at no additional charge, a tool that facilitates data capture and organization, and the reporting of information related to the OCTAVE risk assessment process.