Security risks to IT systems are constantly evolving. A Technology Risk Assessment provides a big-picture view of potential threats and the likelihood of adverse events (such as system attacks). This service has particular value for organizations with no or perhaps outdated internal controls, because identifying potential risks is the necessary first step to implementing effective controls that will provide the foundation for ongoing system risk management.

SJU professionals offer deep experience and up-to-date knowledge to assess your system accurately and clearly identify risks and relevant controls. We serve companies in industries such as financial services, banking, payment processing, healthcare and technology. What’s more, we understand the regulatory requirements relevant to your industry.

Formulated on industry standards, our structured and thorough assessment process is comprised of:

• IT system characterization, which defines your system’s boundaries, functions, criticality and sensitivity
• Threat identification, which yields a threat statement that details potential threats
• Vulnerability identification, which lists potential vulnerabilities
• Control analysis, which lists current and planned controls
• Likelihood determination, which assesses threats, vulnerabilities and in-place controls to determine the chances of an exploit or attack
• Impact analysis, which analyzes impact of an adverse event on the business and IT system
• Risk determination, which determines the likelihood of system exploits and their impact plus adequacy of controls
• Control recommendations, which offers objective advice to mitigate risk
• Results documentation, which details all of the above process

For example, we might provide an assessment for a financial institution, and examine its core banking applications, online banking and telephone banking services, its employee interactions in terms of customer support at branch offices and through a virtual private network, and its data storage at a server located offsite at a data storage vendor.

SJU Technology Risk Assessment services provide your management team with an accurate and clear picture. The written assessment we deliver pinpoints the risks to your organization and assists you in aligning the proper controls to mitigate each risk.