- The exponential growth of digital landscapes multiplies vulnerable assets even as organizations struggle with a surge of cyberattacks.
- Manual risk management methods often do not identify and assess risks quickly enough to offer complete and real-time insights to support strategic decision-making.
- Empowering development teams to complete their own risk assessments is a common goal but often fails due to lack of security expertise.
Our Advice
Critical Insight
- Develop a scalable, integrated process to assess and manage security risks.
- Leverage best-practice frameworks, drawing on emerging technologies to accelerate manual tasks.
- Enlist organizational participants to ensure reliable security risk data is available when you need it.
Impact and Result
- Reduce security risk over time.
- Improve security incident metrics, as well as their impact on the organization and the average incident response time.
- Regular audits and assessments are more likely to show the security risk management program adheres to relevant security standards.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
- Overall Impact: 8.8/10
- Average $ Saved: $24,010
- Average Days Saved: 13
| Client | Experience | Impact | $ Saved | Days Saved | Comment |
|---|---|---|---|---|---|
| Hitachi Rail GTS Canada Inc. | Guided Implementation | 8/10 | N/A | 2 | |
| Soboba Band of Luiseno Indians | Guided Implementation | 10/10 | $12,330 | 4 | |
| EBSCO Industries Inc | Guided Implementation | 10/10 | $6,850 | 8 | Jon was an amazing partner to work with. His knowledge and expertise were essential to our success in establishing a more rigid Risk Management Pr... |
| Seneca Gaming Corporation | Workshop | 8/10 | $13,700 | 10 | Primary benefits of the workshop to SGC: 1 - Opportunity to formally introduce concepts to senior management. It is often helpful when a third-p... |
| AgHeritage Farm Credit Services d/b/a Insight Technology Unit (ITU) | Workshop | 8/10 | $32,195 | 10 | I attended a workshop recently that was truly excellent. The leader, Fritz, had a deep understanding of our specific needs and was able to guide us... |
| UCLA | Workshop | 5/10 | N/A | N/A | The Stride model and tool were not explained at the beginning of the sessions. I was not clear on the methodology or intended outcomes. The initi... |
| Diamond Trading Company Botswana (PTY) LTD. | Workshop | 10/10 | $12,999 | 10 | The best part was that the consultant was very knowledgeable in all aspects of information security and was very engaging and encouraging participat... |
| UCLA | Workshop | 9/10 | N/A | 32 | The best part was our facilitator. She was great. There was no "worst part". The workshop exceeded my expectations. |
| UCLA | Workshop | 10/10 | $64,999 | 20 | Coordinating discussion among different teams and helping us identify gaps |
| Camosun College | Guided Implementation | 10/10 | $25,000 | 20 | No worst part, these tools take time to work through. The benefits of a structured threat and risk assessment using the STRIDE model are fantastic! ... |
| California Department of Human Resources | Guided Implementation | 10/10 | $113K | 115 | The best part of the experience was the invaluable assistance and advice provided by the analyst, Ian both in terms of research assistance, and in ... |
| American Transmission Company | Guided Implementation | 8/10 | $2,393 | 5 | Tools and templates are great. |
| STERIS Corporation | Guided Implementation | 10/10 | $12,599 | 29 | Ian is a joy to work with. He really takes the time to tailor the work around progressing programs with actionable items each meeting to improve th... |
| State of Hawaii – ETS | Guided Implementation | 10/10 | $64,999 | 50 | Good: - helped realign priorities - will revisit once we've established a more solid baseline on security program |
| London Health Sciences Centre and St. Joseph’s Health Care, London | Guided Implementation | 9/10 | $10,000 | 5 | Overall understanding of problem and some suggestions for a brainstormed solution. |
| Southwest Gas Corporation | Guided Implementation | 10/10 | $125K | 20 | Ian is very knowledgeable about your product as well as risk. He listens well and provides great feedback. We see Ian as a great resource and con... |
| Atlantic Canada Opportunities Agencies | Guided Implementation | 8/10 | $47,500 | 10 | Very good feedback. Open discussions. Varied ideas. Strong focus on IT less pertinent to my role, but nonetheless useful. Services are very appr... |
| Canadian National Railway | Guided Implementation | 10/10 | $2,000 | 5 | |
| Blessing Hospital | Guided Implementation | 8/10 | N/A | N/A | Good discussion and follow-up call with additional analyst and different blueprint that may be more targeted towards Dr. Siddiqui's interest. |
| Blessing Hospital | Guided Implementation | 10/10 | N/A | N/A | Can't estimate the savings at this point however call exceeded expectations in research material being able to solve the business problem at hand. |
| California Department of Corrections & Rehabilitation | Guided Implementation | 9/10 | N/A | N/A | |
| Federal Home Loan Bank of Chicago | Guided Implementation | 10/10 | N/A | N/A | I loved talking with Ian about risk philosophy! He helped me put together a risk tolerance and risk register for my organization that was focused ... |
| Nakisa Inc. | Workshop | 8/10 | N/A | 20 | All was good. |
| The Ottawa Hospital | Guided Implementation | 10/10 | $11,500 | 10 | |
| British Columbia Transit | Workshop | 8/10 | $50,000 | 20 | |
| California Department of Corrections & Rehabilitation | Guided Implementation | 9/10 | N/A | N/A | Great insight on how to work through the program steps. Lots of knowledge and advice on what's important and whether a methodical or practical app... |
| Apria Healthcare | Guided Implementation | 8/10 | N/A | N/A | |
| Colonial Savings, F.A. | Guided Implementation | 10/10 | $764K | 10 | Ian did a great job of understanding what I was trying to accomplish and modifying the process for my needs. |
| BWX TECHNOLOGIES, INC. | Guided Implementation | 9/10 | N/A | N/A | |
Workshop: Assess and Manage Security Risks
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Build Program Governance
The Purpose
- Design an effective governance structure for managing security risk.
Key Benefits Achieved
- Security risk management governance structure
Activities
- Assess security risk management (SRM) program maturity.
- Define SRM governance.
- Build a security risk assessment framework.
Outputs
- Program goals and scope
- Roles and responsibilities
- Risk assessment framework
- Risk tolerance
Module 2: Identify Information Security Risks
The Purpose
- Develop a process for identifying information security risks.
Key Benefits Achieved
- Defensible and realistic process to identify security risks.
Activities
- Build a repeatable security threat and risk assessment (TRA) process.
- Prepare the sample TRA.
- Evaluate relevant assets.
Outputs
- Repeatable TRA process
- Sample TRA to trial the process
Module 3: Analyze Information Security
The Purpose
- Establish a repeatable methodology for analyzing information security risks.
Key Benefits Achieved
- Leverage artificial intelligence to enhance the analysis of information security risks.
Activities
- Assess likelihood and impact.
- Prioritize security risks.
- Identify risk treatment options.
Outputs
- Process to assess and prioritize security risks
- List of prioritized security risks
Module 4: Treat Information Security Risks
The Purpose
- Define security risk treatment process.
Key Benefits Achieved
- Integrated security risks within IT and enterprise risk management.
Activities
- Identify quick wins to reduce exposure.
- Build risk management action plans.
- Build risk monitoring and communication plan.
Outputs
- Risk register with a risk inventory of security risks
- Defined and prioritized risk management action plans