URM's Risk Management Methodology

Risk assessment is the only way for senior managers to ensure that controls are cost effective and appropriate.

In many market sectors, the adoption by senior management of a formal risk strategy to demonstrate to stakeholders, regulators, legislators and business partners is mandatory. Such a strategy must embrace risk management and risk acceptance, based on an agreed corporate risk appetite.

A risk assessment will require the involvement of a wide range of individuals - typically business representatives, IT specialists, Human Resources and legal professionals, and facilities management. The review will include an assessment of controls already in place. The stages of the risk assessment process will include:

Scope

the identification of the information assets, together with their owners, to be reviewed.

Business impact

an analysis of the quantifiable potential losses that might result from a breach of security.

Threat assessment

a review of an organisation's vulnerability to a range of threat types that will cause business damage and the likelihood of the threats manifesting themselves.

Risk identification and quantification

the combination of business impact and threat assessment to identify and quantify specific areas of risk, especially those requiring the application of further security controls.

Controls selection

based on the previous stage, the selection by management from a list of controls that they wish to implement to lower residual risk to a level that is deemed to be acceptable.

Benefits of engaging with URM

Those customers who have experienced URM's Risk Management methodology have benefitted in a number of different ways, including:

• budgetary savings resulting from a better understanding of control requirements;
• the identification of previously unrecognised risks that posed a major obstacle to achieving business objectives;
• expeditious compliance with corporate governance requirements in readiness for its SOX audits;
• greater synergy between the business and IT; and more effective audits by internal and external auditors.

• Consultancy Introduction
• Information Security (ISO 27001)
  • Information Security (ISO 27001)
  • Relationship between ISO 27002 & ISO 27001
  • How to Comply with ISO 27002 or Certify to ISO 27001
  • ISO 27001 Awareness Training
  • ISO 27001 Case Studies
• Information Security (PCI DSS)
  • Information Security (PCI DSS)
  • Stages of Compliance to PCI-DSS
• Information Security (DMA DataSeal)
• Business Continuity Management (BS 25999)
  • Business Continuity Management (BS 25999)
  • Significance of BS 25999
  • How to deploy BS 25999 - Lifecycle Stages
  • Crisis Management Simulation Exercises
  • New ISO Standard for BCM - ISO 22301
• IT Service Management (ITIL & ISO 20000)
  • IT Service Management (ITIL & ISO 20000)
  • Significance of ITIL & ISO 20000
  • How to deploy ITIL or certify with ISO 20000
• Data Protection
  • Data Protection - Introduction
  • URM's approach to Data Protection
  • BS 10012 - New DPA Standard
• Information Risk Management
  • Information Risk Management
  • URM's approach to Information Risk Management
• Software Asset Management
  • Software Asset Management
  • URM's approach to Software Asset Management
• Polices & Procedures
  • Polices & Procedures
  • URM's approach to Polices & Procedures