System Risk Assessments

Our system risk assessment services are thorough and incorporate relevant areas of system engineering life cycle analysis and security best practices for information systems.  Engagements are often tailored towards specific compliance requirements (e.g. Government System Certification and Accreditation). 

Our consultants have detailed knowledge and expertise in conducting security risk assessments for information systems. They have first-hand experience with government certification procedures (as system designers and as independent third-party auditors) and with complex commercial systems.

Consultants at SecurityRiskSolutions are helping industry develop new, improved practices for assessing risk in networked systems. Examples of this include:

  • Regular participation in the HIMSS Medical Device Security Workgroup, helping industry form best practices for managing security risk in legacy and emerging networked medical devices.

  • Joint development (with Government and Academia) of content for a risk assessment engine to automate and facilitate the assessment of risks intrinsic to the deployment and maintenance of networked systems.

System Risk Assessment engagements draw from relevant best practices and industry-specific guidelines or requirements, such as the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) and Special Publications from the National Institute of Standards and Technology.

System- or asset-based risk assessments concentrate on the system life cycle, identifying strengths and weaknesses in the development, deployment and maintenance of the system. Deliverables for a system-based risk assessment include a written report indicating the level of conformance with industry-accepted best practices for secure development and deployment of a system.

© 2007 Security Risk Solutions, Inc.  All Rights Reserved

 