IT Risk Services Brochure

Risk Assessments

Why Does My Organization Need a Risk Assessment?

A risk assessment is the foundation for a company’s information security program. Your information security program should protect the company’s most critical systems and data. A risk assessment identifies possible risks to the security of an organization’s information systems:

  • Loss of confidentiality of sensitive information
  • Lack of availability of critical data systems

For financial institutions, the Gramm-Leach-Bliley Act (GLBA) and the Federal Financial Institutions Examination Council’s (FFIEC) guidelines require a risk assessment to be performed. Other organizations may apply the risk assessment process as a component of SOX compliance or internal audit activities.

What Threats Should Be Considered?

There is no single list of threats that applies to all organizations. All reasonably foreseeable threats should be considered, and which threats are reasonably foreseeable depends on factors such as the institution’s location and its technical environment. Threats are commonly categorized as one of the following:

  • Natural—tornado, earthquake, etc.
  • Human—accidental or intentional acts
  • Technical—equipment or communication failure

How Often Should Risks Be Assessed?

Risk assessment is an ongoing process. For example, risks should be reassessed whenever a new server is installed or new controls are implemented. Ideally, the assessment should occur before the change is made.

Our Solution

BKD IT Risk Services (ITRS) uses a risk-assessment process based on guidelines from the National Institute of Standards and Technology’s (NIST) Risk Management Guide for Information Technology Systems and the Federal Financial Institutions Examination Council’s (FFIEC) Information Security Handbook. Assessment results are analytical reports that help you understand the risks to your organization’s information system.

Informed decisions can then be made about additional controls and system changes.

Contacts

Cindy Boyle
Partner, IT Risk Services
Financial Services, Not-for-Profit & Government, Inf, Comm & Entertainment
400 W. Capitol Avenue, Suite 2500
P.O. Box 3667
Little Rock, AR 72203-3667 (72201)
Little Rock: 501.372.1040

Ronald Hulshizer
Senior Managing Consultant
Financial Services
Two Leadership Square South Tower
211 N. Robinson Avenue, Suite 600
Oklahoma City, OK 73102-9421
Oklahoma City: 405.842.7977

Matthew Lathrom
Managing Consultant
Other
1201 Walnut Street
Suite 1700
Kansas City, MO 64106-2246
Kansas City: 816.221.6300

Larry McLaughlin
Managing Consultant
Not-for-Profit & Government
14241 Dallas Parkway
Suite 1100
Dallas, Texas 75254-2961
Dallas: 972.702.8262

Laura Patrick
Managing Consultant
Other
910 E. St. Louis Street, Suite 200
P.O. Box 1190
Springfield, MO 65806-2523
Springfield: 417.865.8701

Rod Walsh
Director, IT Risk Services
Other
1201 Walnut Street
Suite 1700
Kansas City, MO 64106-2246
Kansas City: 816.221.6300