ICT Security Risk Assessments

- serving the ICT industry, Government Agencies and ICT Service and Software organisations in New Zealand.

An accurate Risk Assessment and Statement of Applicability for an agency’s system(s) under review is key to meeting Certification & Accreditation requirements. CANDA has worked with many risk frameworks, and different agency approaches to assurance and risk management.

What is Risk Assessment and why is it important?

Risk Assessment is an important component of a successful ICT security programme, and a key requirement for a well-managed ICT environment. Government agency risk assessments are required for compliance with the NZISM and the Protective Security Requirements (PSR) framework. Identifying risk is key to ensuring the best use and application of security controls, resources and budget in the mitigation of business risk.

Understanding and managing risk is key to good ICT governance and helps to ensure the safety and security of key business systems.

What is a Statement of Applicability (SoA)?

On review of the risk assessment, system owners should provide a statement of applicability for the system which includes:

  • the baseline of the NZISM used for determining controls;
  • controls that are, and are not, applicable to the system;
  • controls that are applicable but are not being complied with; and
  • any additional controls implemented as a result of the risk assessment.

As part of the risk assessment process, organisations must produce an SoA that contains:

  • The necessary controls;
  • Justifications for their inclusion;
  • Whether the necessary controls have been implemented or not; and
  • Justifications for excluding any controls.

The SoA then feeds into the Controls Catalogue which lists the controls which best mitigate risks identified for the system under review.

What CANDA ICT Security Experts can do for you

CANDA undertakes Risk Assessments, and Systems Certification related activities to help business owners understand real systems risk.  CANDA can help to augment current agency or business Governance Risk and Compliance capabilities or provide a complete service to ensure that targets and objectives are met.  Our capability, experience and expertise are wide-ranging.

CANDA can:

Identify, Analyse and Assess Risk

Our experienced team can identify threats, and assess the risks that have the potential to compromise the confidentiality, integrity or availability of the business assets you rely on. We’ll analyse how each risk might occur, identifying vulnerabilities and the threats that might exploit them, to give you a real understanding of your business systems risk.

Risk Treatment

Once risk is assessed, CANDA can help with mitigation planning and risk treatment decisions. We will usually work within established frameworks and processes, but can also be relied upon to create these where they are not in place. Risk treatment decisions should not be taken lightly; CANDA can become a trusted partner in this process and help optimise your people, process and technology resources to ensure the ‘best bang for bucks’.

Plan your risk management framework

If your current risk management framework is lacking in effectiveness, CANDA can help to provide the appropriate Governance or Risk consulting advice to plan a way forward to achieve a more effective outcome.

Contact CANDA today
We’re always available for a discussion to assess and discuss your requirements.

Our experienced team at CANDA are experts in everything GRC related and can provide a range of services to ensure your agency or business meets NZISM requirements, or gains an improved security posture.

As New Zealand’s trusted and impartial experts on guiding agencies through the Certification & Accreditation process, we have extensive experience in resolving your security and risk concerns.

Contact CANDA today to speak to one of our team and learn more about how we can help.