Southwest Information Assurance
Services

Risk Management

• Risk management principles and practices that identify, analyze, control, and mitigate potential loss associated with information security events not limited to performing baseline risk analyses and establishing the framework for an ongoing risk analysis process; establishing or revising the life cycle management process in support of safeguards and controls
• Risk assessment capabilities including qualitative and quantitative risk analysis, identification and valuation of information assets, threat identification, and vulnerability definition including establishing cost-to-value ratios for safeguards and controls; developing the evidence required to support important decision-making processes such as hardware configuration, software design, development, testing, implementation, building site selection and building design; prioritization of information security requirements and the subsequent application of information security resources needed to satisfy those requirements
• Risk mitigation strategies such as risk reduction, risk transference, and risk acceptance not limited to cost/benefit analysis of safeguards and controls; assessing and addressing the availability and applicability of various insurance instruments; assessing and addressing the level of manual effort required to operate, maintain, support, and recover safeguards or controls; assessing and addressing the auditability and accountability features of safeguards or controls; assessing and addressing the recoverability requirements, constraints, or impact of safeguards and controls
• We perform this work using risk analysis processes that incorporate or conform to recognized national or international standards and industry guidelines.