Home News Careers Contact us
Home Services Products Industries Company Investors Investors

Search
  Services
Enterprise Application Services
Infrastructure Solutions
Managed Services
Microsoft Solutions
Software Development
SAP Services
Security and Risk Management
Strategic Staffing
 
  Newsletters
 
 

 
Security and Risk Management Services
LSI solutions will help you to plan, build, and maintain a successful security risk management program
Survey of Security Risk Management Practices
It is important to lay a foundation for the LSI security risk management process by reviewing the different ways that organizations have approached security risk management in the past.
 
The Four Phases of the LSI Security Risk Management Process

LSI security risk management process and defined risk management as an ongoing process with four primary phases:

  1. Assessing Risk: Identify and prioritize risks to the business.
  2. Conducting Decision Support: Identify and evaluate control solutions based on a defined cost-benefit analysis process.
  3. Implementing Controls: Deploy and operate control solutions to reduce risk to the business.
  4. Measuring Program Effectiveness: Analyze the risk management process for effectiveness and verify that controls are providing the expected degree of protection.
The following figure illustrates each phase and its associated steps.
 
Assessing Risk
 

The overall risk management process comprises four primary phases: Assessing Risk, Conducting Decision Support, Implementing Controls, and Measuring Program Effectiveness. Our risk management process illustrates how a formal program provides a consistent path for organizing limited resources to manage risk across an organization. The benefits are realized by developing a cost-effective control environment that drives and measures risk to an acceptable level.

The Assessing Risk phase represents a formal process to identify and prioritize risks across the organization. The LSI security risk management process provides detailed direction on performing risk assessments and breaks down the process in the Assessing Risk phase into the following three steps:

  1. Planning. Building the foundation for a successful risk assessment.
  2. Facilitated data gathering. Collecting risk information through facilitated risk discussions.
  3. Risk prioritization. Ranking identified risks in a consistent and repeatable process.
Conducting Decision Support
The decision support process includes a formal cost-benefit analysis with defined roles and responsibilities across organizational boundaries. The cost-benefit analysis provides a consistent, comprehensive structure for identifying, scooping, and selecting the most effective and cost efficient mitigation solution to reduce risk to an acceptable level. Similar to the risk assessment process, the cost-benefit analysis requires strict role definitions in order to operate effectively. Also, before conducting the cost-benefit analysis, the Security Risk Management Team must ensure that all stakeholders, including the Executive Sponsor, have acknowledged and agreed to the process.

During the Conducting Decision Support phase, the Security Risk Management Team must determine how to address the key risks in the most effective and cost efficient manner. The end result will be clear plans to control, accept, transfer, or avoid each of the top risks identified in the risk assessment process. The six steps of the Conducting Decision Support phase are:

  1. Define functional requirements.
  2. Select control solutions.
  3. Review solutions against the requirements.
  4. Estimate the degree of risk reduction that each control provides.
  5. Estimate costs of each solution.
  6. Select the risk mitigation strategy.
Implementing Controls and Measuring Program Effectiveness
Implementing Controls
During this phase, the Mitigation Owners employ the controls that were specified during the previous phase. A key success factor in this phase of the Microsoft security risk management process is that the Mitigation Owners seek a holistic approach when implementing the control solutions. They should consider the entire Information Technology (IT) system, the entire business unit, or even the entire enterprise when they create their plans for acquiring and deploying mitigation solutions.
Measuring Program Effectiveness
During this phase, the Mitigation Owners employ the controls that were specified during the previous phase. A key success factor in this phase of the Microsoft security risk management process is that the Mitigation Owners seek a holistic approach when implementing the control solutions. They should consider the entire Information Technology (IT) system, the entire business unit, or even the entire enterprise when they create their plans for acquiring and deploying mitigation solutions.

 

 
 
 
  SAP Services

LSI delivers full-service SAP implementation solutions, including staff augmentation, software implementation, Internet technologies and Solutions Center. LSI and its team of highly experienced SAP professionals can deliver solutions that are comprehensive, timely and customized to your specific needs.

more ...
 Quicklinks
Jobs
Services
Industries
Press News
Management
Training
 Latest News
View our News section for latest news and updates
 
Home  |  Services  |  Products  |  Industries  |  About us  |  Investors
© 2009 Logistic Solutions, Inc., All Rights Reserved, Terms & Conditions | Disclaimer