

Wednesday, October 3, 2007

Information Technology Risk Assessment

An information technology risk assessment tries to identify the risks, human and natural, that an information technology asset is exposed to. These range from earthquakes, storms, and fire to human error, fraud, disgruntled employees, and external intrusion. In addition, an ESTec information technology risk assessment assesses the vulnerabilities and the countermeasures already in place. The examination then ranks the threats and vulnerabilities, and identifies additional countermeasures appropriate to protect the sensitivity, criticality, and reliability associated with the information technology asset.

To keep your expenses to a minimum and your protection to a maximum, ESTec establishes a cost value for every type of impact on your information technology asset. The event probability gives management an insurance value for each type of event and each asset involved, allowing your management to justify the expenditures for the countermeasures for potential events and interruptions of service. That way, you get the most bang for your buck.

Information technology risk assessment is an integral part of ISO 17799 / ISO 27001 information security management systems. ESTec can provide training for internal information technology risk assessment and risk management personnel as well as outside information technology risk assessment services. A standards-based information security management system includes a formal risk management plan for the organization. Risks must be identified and then dealt with by countermeasures, contracted out to a third party, or in some cases accepted by the organization as part of the normal business risk.

Sample Case Risk Assessment
Customer: West Coast Utility
Services: Information Technology Risk Assessment
Problem: A new client information system was to be implemented. Management wanted a justification for the budget requests for the project.
Solution: An ESTec consultant worked with the IT department to develop a detailed risk assessment for the project's assets.
Results: The company was able to control and direct expenses to do the greatest good, and ended up saving a high percentage of the original allocation of funding for this protection.
