About
A security risk assessment identifies and evaluates an organisation’s information security risks. It subsequently defines and assigns risk mitigating strategies (security controls) to treat these risks in order to achieve an acceptable residual risk rating.
How we can help
Pākiki can provide an assessment that will consist of:
- Identifying security threats relevant for your organisation.
- Defining or reviewing your security risks.
- Assigning likelihood and impact ratings.
- Assigning and reviewing risk mitigating controls.
- Identifying risk owners and risk treatment roadmaps.
Methodology
The particular methodology will vary depending on the client’s needs; broadly speaking, however, the methodology is:
- Information Gathering: Understanding your current security threats and risks.
- Review Gaps: Understanding where there are current gaps in your security risk policies and processes.
- Provide advice: Take the output of the above checks, and use our understanding of your business to provide practical, tailored support and advice on how to effectively manage your information security risks.
Assessments will be against the client’s chosen risk management framework or against a framework we recommend (e.g. ISO 31000, ISO 27005).
Get in touch
We’d love to hear more about your organisation, and to discuss how we can help.