Knowledgeable, Practical Risk Assessment Services
What is an Information Security Risk Assessment?
According to the FFIEC, financial institutions must maintain an ongoing information security risk assessment program that effectively:
- Gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements;
- Analyzes the probability and impact associated with the known threats and vulnerabilities to their assets; and
- Prioritizes the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation.
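The three FFIEC steps above (gather, analyze, prioritize) carried through a small risk register, as an added illustration for this page. It is not Supernal's Scout software and not FFIEC material. The 1-5 likelihood and impact scales, the model of a control removing a fixed fraction of the inherent risk, the high/medium/low bands on the resulting 1-25 scale, and the asset inventory itself are all assumptions made for the example; the FFIEC text prescribes none of them.

```python
"""Worked example of an FFIEC-style risk assessment: gather, analyze, prioritize.

Added example for this page; not Scout and not FFIEC material. Scales, the
control-effectiveness model, the rating bands and the inventory are assumed.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Assumed 1-5 ordinal scales; the FFIEC text prescribes no particular scale.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Control:
    """An existing control; effectiveness is the assumed fraction of risk it removes."""
    name: str
    effectiveness: float  # 0.0 = no reduction, 1.0 = fully mitigates (assumed model)


@dataclass
class Threat:
    """A threat/vulnerability pair against an asset and the controls covering it."""
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    controls: List[Control]


@dataclass
class Asset:
    name: str
    owner: str
    threats: List[Threat]


def inherent_risk(t: Threat) -> int:
    """Step 2 (analyze): probability x impact before any control is credited."""
    return LIKELIHOOD[t.likelihood] * IMPACT[t.impact]


def residual_risk(t: Threat) -> float:
    """Step 2 (analyze): inherent risk after each control's assumed reduction."""
    remaining = 1.0
    for c in t.controls:
        if not 0.0 <= c.effectiveness <= 1.0:
            raise ValueError(f"{c.name}: effectiveness must be in [0, 1]")
        remaining *= 1.0 - c.effectiveness
    return round(inherent_risk(t) * remaining, 2)


def rating(score: float) -> str:
    """Assumed bands on the 1-25 scale, used to decide the level of response."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def prioritize(register: List[Asset]) -> List[Tuple[str, str, int, float, str]]:
    """Step 3 (prioritize): rank every asset/threat pair by residual risk, highest first."""
    rows = []
    for asset in register:
        for t in asset.threats:
            inh, res = inherent_risk(t), residual_risk(t)
            rows.append((asset.name, t.threat, inh, res, rating(res)))
    return sorted(rows, key=lambda r: (r[3], r[2]), reverse=True)


# Step 1 (gather): a constructed inventory for a small institution.
REGISTER = [
    Asset("Core banking system", "IT", [
        Threat("Ransomware", "Unpatched workstations with admin rights", "likely", "severe",
               [Control("Offline, tested backups", 0.5), Control("EDR on all endpoints", 0.4)]),
    ]),
    Asset("Customer PII database", "Operations", [
        Threat("Insider misuse", "Broad read access not reviewed", "possible", "major",
               [Control("DLP alerting on bulk export", 0.3)]),
    ]),
    Asset("Online banking portal", "Digital banking", [
        Threat("Credential stuffing", "Reused customer passwords", "likely", "moderate",
               [Control("MFA on login", 0.8)]),
    ]),
]

if __name__ == "__main__":
    print(f"{'Asset':24} {'Threat':20} {'Inh':>4} {'Res':>5} Rating")
    for asset, threat, inh, res, band in prioritize(REGISTER):
        print(f"{asset:24} {threat:20} {inh:>4} {res:>5} {band}")
```

Note what the prioritized output shows: the core banking system carries the highest inherent risk (20, high), but after crediting its existing controls it falls below the PII database (12 inherent, 8.4 residual), so the control gap on the database is the first thing to address. Recording both inherent and residual risk, and the control that accounts for the difference, is what makes the register useful to the board and defensible to an examiner.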
Why is it important?
Information is one of your most important and valuable assets. Customers, shareholders and examiners expect you to actively protect and manage sensitive information. A loss or breach of that information can cause irreparable financial and reputational damage.
An information security risk assessment is the critical first step in building a robust, reliable and ongoing risk management program. Risk management teams and the board should use it to identify the institution's information assets and their value; the number and severity of the risks to those assets; and the controls currently in place and how effective they are.
The risk assessment report then serves as the foundation for a plan to reduce and monitor your information security risk. Without quality information, key decision makers cannot understand and protect critical information assets responsibly.
Supernal's team of qualified risk management specialists has performed more than 200 risk assessments for community financial institutions. Team members have backgrounds as regulators, as in-house risk managers at institutions and as consultants to the financial industry. We take a systematic, logical approach to risk management and understand that you don't just want a report card for an exam: you want an impartial report to use as the foundation of a strategic plan.
For each engagement we:
- Meet with your team before the engagement to deliver a proposal that addresses your unique needs and situation
- Travel onsite and meet with key staff in each of the identified operational areas
- Perform the risk assessment using Scout, our industry-leading risk assessment software
- Generate a meaningful report that staff and the board will understand and use, and that can be presented at exam time
- Follow up with identified staff to walk through the report and answer questions