Risk Management
Any project that includes a technology based component will require an analysis of technology risk. This includes all risks that may impact the existing business, be introduced as a result of new systems, or affect the long-term technology strategy of the organisation.
Risk Assessment
SIFT assesses technology risk through our Technology Risk Assessment (TRA) methodology, developed in line with ITIL, ISO 27001 (AS 7799.2), AS 4360 and ISO 17799. SIFT's TRA methodology considers the security implications of IT and non-IT assets in the context of the business' operations. The methodology provides a structured approach for identifying and classifying risks, allocating risk ratings, identifying weaknesses in existing mitigation strategies, and determining the residual risk if recommended actions are undertaken.
SIFT's TRA methodology is documented with specific steps at each stage of the process, and is illustrated below:

SIFT's TRA process includes:
- Project Commencement - The project is commenced upon a meeting with the client to define and detail initial requirements.
- Information Gathering - A focal point of SIFT's TRA methodology is the need to understand the nature of our client's business and the way in which the technology environment supports that business. As such, SIFT's technology and business threat and risk assessments utilise methods such as client interviews and workshops, documentation review and broad engagement with both business and technology stakeholders.
- Risk Analysis & Review - SIFT's TRA includes analysis of the business consequences in line with the AS 4360 Risk Management standard.
- Delivery & Risk Maintenance - SIFT delivers findings in a comprehensive and relevant manner, whether for business or technical risk assessment. SIFT can deliver both technical and business focused reporting detailing the risk items identified. The delivery approach often also involves a risk workshop to ensure agreed mitigation actions are 'owned' by client stakeholders.
In addition to assessing the risk impact of a new technology project, organisations may also find it prudent to conduct an enterprise-wide technology risk assessment. Ongoing critical systems, legacy systems, proposed implementations and existing vendor engagements may pose a significant risk to critical business operations. SIFT has considerable experience in completing risk assessments of this type and of this scale.
Strategic Security Risk Management
SIFT has extensive experience in the development and execution of IT security risk management plans for Australian critical infrastructure and ASX200 organisations.
SIFT's role in the implementation of IT security risk management programs can vary from providing high-level guidance to specialist operational support, depending on the client's business requirements.
Regardless of how the engagement model is customised, SIFT actively engages executive management and both executive and non-executive boards to develop security risk management plans that are tailored to, and aligned with, the client organisation's business objectives.
For more information regarding Risk Management, please contact us.