The threat to business and in the home has become all that much greater because of:
- Explosive growth and aggressive use of technology
- Proliferation of data
- Sophistication of threats
Based on critical applications used in the automotive and aviation industries, Sterling uses a systematic approach to assessing and reporting risks and threats. By evaluating the probability of a risk/threat against its likely impact, a priority action plan can be made and counter-measures identified to mitigate those risks.
Sterling’s approach has proved beneficial in reducing and eliminating risks and threats and also helps organisations to demonstrate a reasonable response to obligations if ever faced with litigation.
This service is also beneficial for those considering the purchase of new business premises, or even a new home. Such investments often represent the greatest outlay that you might make. Therefore it is worth undertaking a security survey as a matter of good governance.
Some organisations seek Risk Management certification; it may be a ‘desirable’ or even a requirement to do business with certain clients. If so, Sterling is able to advise you which of the standards might be most appropriate and, if necessary, help you to achieve these.
An example of such standards that Sterling is involved with are:
- ISO 27001: Risk Management and Compliance
- ISO 27005: IT Risk Management
When undertaking Security Surveys and Risk Assessments, Sterling takes into account a wide range of considerations. The principle ones are set out in the table below, together with their definitions.
|Risk||Extent to which an entity is threatened by a potential event (Quantitative or Qualitative).|
|Risk Assessment||Prioritisation of risks based on probability and impact of an event.|
|Threat||Circumstance with potential to adversely impact organisational operations, assets, individuals, and others.|
|Vulnerability||Weakness in an information system, procedures, controls, or implementation.|
|Impact||Magnitude of harm expected to result from the consequences of an event.|
|Probability||Likelihood that a threat event will be initiated or will occur.|
|Predisposing Conditions||Condition which affects the probability that threat events, once initiated, result in adverse impacts.|