Risk Assessments

Why Does My Organization Need a Risk Assessment?

A company’s risk assessment program is the foundation of its information security program, and it should focus protection on the company’s most critical systems and data. A risk assessment identifies possible risks to the security of an organization’s information systems, such as:

  • Loss of confidentiality of sensitive information
  • Loss of integrity of data or systems
  • Loss of availability of critical data systems

For financial institutions, the Gramm-Leach-Bliley Act (GLBA) and the Federal Financial Institutions Examination Council’s (FFIEC) guidelines require a risk assessment to be performed. Other organizations may apply the risk assessment process as a component of Sarbanes-Oxley (SOX) compliance or internal audit activities.

What Threats Should Be Considered?

There is no single list of threats that applies to all organizations. All reasonably foreseeable threats should be considered, and which threats are foreseeable depends on factors such as the institution’s location and its technical environment. Threats are commonly categorized as one of the following:

  • Natural – tornado, earthquake, etc.
  • Human – accidental or intentional acts
  • Technical – equipment or communication failure

How Often Should Risks Be Assessed?

Risk assessment is an ongoing process, not a one-time project. For example, risks should be reassessed any time a new server is installed or new controls are implemented. Ideally, the assessment should occur before a change is made, so that the risk it introduces is understood and addressed up front rather than discovered afterward.

Our Solution

BKD IT Risk Services (ITRS) uses a risk-assessment process based on guidelines from the National Institute of Standards and Technology’s (NIST) Risk Management Guide for Information Technology Systems (Special Publication 800-30) and the Information Security booklet of the Federal Financial Institutions Examination Council’s (FFIEC) IT Examination Handbook. Assessment results are analytical reports that help you understand the risks to your organization’s information systems.

Informed decisions can then be made about additional controls and system changes.

Philip Baker
Managing Director
Manufacturing & Distribution
14241 Dallas Parkway, Suite 1100
Dallas, Texas 75254-2961
Dallas: 972.702.8262

Cindy Boyle
Partner
Financial Services
Not-for-Profit & Government
400 W. Capitol Avenue, Suite 2500
P.O. Box 3667
Little Rock, AR 72203-3667 (72201)
Little Rock: 501.372.1040

Christie Clements
Director
201 N. Illinois Street, Suite 700
P.O. Box 44998
Indianapolis, IN 46244-0998 (46204)
Indianapolis: 317.383.4000

Ronald Hulshizer
Managing Director
Financial Services
Two Leadership Square South Tower
211 N. Robinson Avenue, Suite 600
Oklahoma City, OK 73102-9421
Oklahoma City: 405.606.2580

Shane Torkelson
Director
Manufacturing & Distribution
2800 Post Oak Boulevard, Suite 3200
Houston, TX 77056-6167
Houston: 713.499.4600
