Security Consulting

Initial Risk Evaluation

We start by becoming familiar with your business needs for security by asking some key questions:

What information do you want to protect?

Not all information is considered confidential -- but those files and databases that are valuable must be identified. In this way, the project can focus on protecting the information that is considered important to your business.

What specific technology (hardware/software/network) are you using?

We need to identify, at a high level, what type of computers and software you use. This information will be used during the initial evaluation and it will be expanded on during the more detailed assessment phase.

What hazards and risks are your IT infrastructure exposed to?

Identifying hazards -- the threats that could result in a security breach -- and then listing probable risks to your business is an important part of this initial evaluation. Not all threats will apply to your situation, therefore we need to identify the true risks before proceeding.

An optional Internet Security Scan can also be performed if specific external weaknesses need to be identified. Note that this is usually performed later in the project but it can be part of the initial evaluation if requested.

What obligations do you have to protect your information?

Private sector companies need to be very careful with competitive information, customer information, financial records, etc. The security expectations for businesses come from shareholders, company management and the public.

Public sector organizations have to meet certain regulatory and legal requirements to ensure sensitive information is not left exposed.

Knowing what your obligations are will help us to make appropriate recommendations and to set priorities for implementation. Once the information is gathered, we can provide an evaluation presentation or written report that summarizes our findings. Then we can begin the Security Needs Assessment to identify specific security strengths and weaknesses.