Risk Analysis is the process of identifying the potential areas of risk to information security based on the inventory of information systems and information flows described by the Information Flow Analysis. Risk Analysis provides the big-picture view of your systems and flows and their security.
The analysis involves organizing the systems and flows into categories with similar information security characteristics, and then defining the risk issues that must be dealt with for each category of system or flow. Proprietary and publicly available tools are used to identify threats, vulnerabilities, and controls, and provide the framework for the analysis.
Lewis Creek Systems provides its clients descriptive summaries of each category of system or flow and its risk issues, as well as a tabular presentation identifying each issue and its policy and technical security requirements for management of risk.
The Risk Analysis identifies the particular systems and flows that need further assessment of risk so that the risks may be better understood and mitigated as necessary. The Risk Analysis results in a report that defines the needs for the ensuing Risk Assessment work as well as recommended policy modifications necessary to ensure good security practices.
For a story about this process in the October 7, 2009 issue of AHIMA Today, see pages 6-7 at: http://www.ahimatoday-digital.com/ahimatoday/20091007/
Find out more about the Integrated Information Security Management Process
Find out more about Compliance Assessment Services
Go to the Services Overview