Information Security Risk Management

We combine internationally recognised information security risk analysis techniques (e.g. ISO 27005) with our specialised experience to produce risk management strategies that best fit your business. The first step in this process is to obtain an understanding of your unique business model and to identify your organisation's critical information and processes, so that information security risks can be analysed in the appropriate context. Threats and vulnerabilities are then analysed, and customised reports are created that prioritise the vulnerabilities based on the risk they present to your particular business.

We will work through the report with you to identify the most efficient ways to distribute your information security resources. The focus will be on addressing the highest priority risks first. For each risk, a range of controls will be analysed for cost and effectiveness. Informed decisions can then be made about which controls would be most appropriate. The final decision on whether to implement a control is made by balancing the costs of implementing the control against the potential risks of doing nothing.



The end objective is to provide your business with an action plan for obtaining a balanced business risk profile at the lowest cost, with minimal impact to other business objectives.

To ensure that we perform the highest-quality security reviews that are of optimum benefit to your business, Jake Smith Consulting uses risk management processes developed from international standards and guidelines. These include ISO/IEC 27005, NIST guidelines SP800-30 and SP800-100, HB231, AS/NZS 4360 and the COBIT framework.