Our strategic risk assessment services are
organizationally focused and are usually
tailored towards specific compliance requirements such as the HIPAA
Security Rule. Our consultants have conducted numerous on-site
organizational risk assessments for private, public, and government
organizations of different scale. We know how to tailor the process
to suit your needs and maximize the efficiency of the on-site
portion of the engagement.

Risk assessments draw from relevant best practices and
industry-specific guidelines or requirements, such as the OCTAVE
Catalogue of Practices and Special Publications from the National
Institute of Science and Technology.

Organizational Risk Assessments based on a tailored version of the
Software Engineering Institute's (SEI) Operationally Critical, Threat,
Asset and Vulnerability Evaluation (OCTAVE®) methodology are conducted
in three phases:

Phase 1: Knowledge elicitation from inter-hierarchical groups.
Phase 2: Technical & Physical Vulnerability Assessment of key IT assets.
Phase 3: Development of mitigation plans based on observations and
industry recognized best practices.

These risk assessments are both high level and low level in nature,
encompassing a knowledge elicitation workshop with senior managers and
inter-disciplinary subject matter experts from the organization, with
the appropriate elements of a targeted technical vulnerability
assessment.