Information Risk Management Consultancy
Risk assessment is the only way for senior managers to ensure that controls are cost-effective and appropriate.
Risk Management involves evaluating threats and assessing potential impacts (losses) so that measures can be identified and implemented to safeguard important business assets and thus avoid losses.
The success parameters of modern organisations have raised the stakes for implementing a process of information risk assessment. These include complying with legislation and regulation (such as the Data Protection Act, Combined Code and the Sarbanes-Oxley Act (SOX)), protecting market reputation, providing fast and accurate information and generally being in a position to exploit the Internet and emerging technologies.
The implementation of formal information risk assessment will ensure that senior management, as an organisation's risk takers, are provided with credible, timely and quantifiable intelligence about the actual risks, as opposed to perceived ones, which they face. They can then determine more precisely their security budget and where it should be targeted.
URM's consultancy team is highly experienced, with each consultant having over 10 years' experience in information security risk management and audit. This experience has been gained across a wide range of private and public market sectors. URM's consultants understand not only the technologies and risks, but also the business imperative, which is vital when conducting risk assessments and when presenting the results.
URM has developed a highly pragmatic risk assessment methodology that is business-focussed and produces high-quality intelligence from which an organisation's risk takers can make balanced and informed decisions. The methodology can be used in any context, including certification to ISO 27001 and compliance with SOX regulations. Unlike some of the more rigid 'take it or leave it' risk assessment tools, URM's approach is completely flexible and can be modified to meet the specific requirements of an organisation.
