Risk Assessments

A Risk Assessment (RA) is used to document an organization’s assets, ranking the criticality of the asset to the business and determining threats and adequacy of controls. The benefit to performing an RA is that an organization can quickly and objectively determine valuable assets and budget for proper security controls to ensure protection of these assets.

A Risk Assessment is typically performed in conjunction with a Network Security Assessment or IT Security Audit. As part of the process, RedRock will work with your organization to determine:

  • IT and Related Assets
  • Business Criticality of the Assets
  • Whether the Assets Store or Transmit Business Critical or Private Information
  • Threat Occurrence Probability (we evaluate 9 threat subcategories)
  • Potential Business Impact of a Realized Threat
  • Asset Vulnerabilities
  • Existing Controls to Reduce Risk
  • Adequacy of Current Controls
  • Overall Cumulative Risk
  • Proposed Controls to Further Reduce Risk

In addition, our Risk Assessment includes a ‘Risk Quick View’ allowing both Executives, Board Members and IT staff to quickly prioritize where risk reduction resources should be directed.