Security and Risk Management Services

Logistic Solutions, Inc. (LSI) solutions will help you plan, build, and maintain a successful security risk management program.
Survey of Security Risk Management Practices
It is important to lay a foundation for the LSI security risk management process by reviewing the different ways in which organizations have approached security risk management in the past.
 
The Four Phases of the LSI Security Risk Management Process

LSI security risk management defines risk management as an ongoing process with four primary phases:

  1. Assessing Risk: Identify and prioritize risks to the business.
  2. Conducting Decision Support: Identify and evaluate control solutions based on a defined cost-benefit analysis process.
  3. Implementing Controls: Deploy and operate control solutions to reduce risk to the business.
  4. Measuring Program Effectiveness: Analyze the risk management process for effectiveness and verify that controls are providing the expected degree of protection.
The following figure illustrates each phase and its associated steps.
[Figure: Each phase and its steps]
 
Assessing Risk
 

The overall risk management process comprises four primary phases: Assessing Risk, Conducting Decision Support, Implementing Controls, and Measuring Program Effectiveness. Our risk management process illustrates how a formal program provides a consistent path for organizing limited resources to manage risk across an organization. The benefits are realized by developing a cost-effective control environment that drives and measures risk to an acceptable level.

The Assessing Risk phase represents a formal process to identify and prioritize risks across the organization. The LSI security risk management process provides detailed direction on performing risk assessments and breaks down the process in the Assessing Risk phase into the following three steps:

  1. Planning. Building the foundation for a successful risk assessment.
  2. Facilitated data gathering. Collecting risk information through facilitated risk discussions.
  3. Risk prioritization. Ranking identified risks in a consistent and repeatable process.
Conducting Decision Support
The decision support process includes a formal cost-benefit analysis with defined roles and responsibilities across organizational boundaries. The cost-benefit analysis provides a consistent, comprehensive structure for identifying, scoping, and selecting the most effective and cost-efficient mitigation solution to reduce risk to an acceptable level. Similar to the risk assessment process, the cost-benefit analysis requires strict role definitions in order to operate effectively. Before conducting the cost-benefit analysis, the Security Risk Management Team must ensure that all stakeholders, including the Executive Sponsor, have acknowledged and agreed to the process.

During the Conducting Decision Support phase, the Security Risk Management Team must determine how to address the key risks in the most effective and cost-efficient manner. The end result will be clear plans to control, accept, transfer, or avoid each of the top risks identified in the risk assessment process. The six steps of the Conducting Decision Support phase are:

  1. Define functional requirements.
  2. Select control solutions.
  3. Review solutions against the requirements.
  4. Estimate the degree of risk reduction that each control provides.
  5. Estimate costs of each solution.
  6. Select the risk mitigation strategy.
Implementing Controls and Measuring Program Effectiveness
Implementing Controls
During this phase, the Mitigation Owners employ the controls that were specified during the previous phase. A key success factor in this phase of the Microsoft security risk management process is that the Mitigation Owners seek a holistic approach when implementing the control solutions. They should consider the entire Information Technology (IT) system, the entire business unit, or even the entire enterprise when they create their plans for acquiring and deploying mitigation solutions.
Measuring Program Effectiveness

 
