IT Risk Assessment
In today’s dynamic technology environments, organizations are exposed to many security risks that need to be mitigated by implementing the appropriate level of internal controls. These controls are critical, and have two facets: design of controls and operating effectiveness of controls. In addition, organizations are required to comply with a variety of regulations, including:
Compass' IT Risk Assessment methodology reviews your IT environment and identifies risks, internal control weaknesses, and gaps in controls. The Assessment then breaks down the probability and impact of individual risks, and maps those risks to specific compliance regulations and/or various IT Security Frameworks, such as COBIT, the NIST Cybersecurity Framework, and ISO 27001/27002.
At the end of the engagement, Compass will develop a detailed written report that outlines the following:
- Compliance requirement or security control in question
- What your organization has in place compared to that compliance requirement or control objective
- A risk rating that outlines the delta between the requirement and your current control
- Clear, actionable remediation strategy to mitigate your risk