IT Security Risk Management

It has often been stated that security specialists are trained to see malicious cyber activities everywhere and devise ways to deal with them, but sometimes neglect to consider how great the risk is and the value of the system that is at risk, not to mention the damage that could be caused. EWA-Canada has long believed that security information needs to be presented in a “business context”, one that is comprehensible to senior management and to operations staff. A recurring problem is that information security people do not understand the business being assessed. It is this problem that EWA-Canada’s approach to IT security reviews and risk assessments attempts to address.

Our approach to risk assessments and risk management strategies includes research to confirm our understanding of policies, operations and procedures; interviews using a pre-defined questionnaire to categorize types of client sensitive information holdings; a comprehensive review of the IT network security architecture to identify compliance issues; and the tailored implementation of best practices relating to security incident alerting, reporting and assessment guidelines.

In assessing operational risk, EWA-Canada is a recognized leader in information infrastructure protection auditing and testing, which has been a core corporate competency for more than 10 years. Over that period we have covered the full range of vulnerability and penetration testing, from routine testing of networks and web sites for vulnerabilities, through sophisticated penetration testing of core security technologies using custom-developed exploits, to successful no-knowledge penetration tests of networks to “capture the flag” using a variety of technical and social engineering techniques. Our structured VA methodology has been designed to cover the full range of test requirements:

Many individual IT security risk management standards, guidelines, procedures and activities exist: security policy planning and definition; business continuity; threat risk assessment; implementation of security safeguards and technologies; and Common Criteria standards, to name a few. EWA-Canada has the experience and expertise to integrate these sometimes disparate activities into a cohesive, structured approach to managing risk in a traceable and repeatable manner.

Please Contact Us for further information.