Today’s risk assessments range from methods that are simply vulnerability scans to those that revolve almost completely around compliance with some standard or regulation. This is not to say that those methods cannot provide value; they absolutely can. What matters is whether they provide value within your organization.
As we see it, the information security profession exists to help organizations manage the probable frequency and magnitude of loss. Aliado's proven methodologies are focused on risk, so whether you have a single difficult risk scenario you need to analyze, need help determining the risk posture of an entire organization, or something in between, Aliado can help.
Regardless of your needs, you will find our variety of approaches to be uniquely effective and meaningful to management.
Aliado Risk Analysis – A combination of proven qualitative and quantitative approaches that helps organizations analyze and manage risk.
Comprehensive Risk Assessments
Risk Assessments and Compliance Gap Analysis Assessments use the framework of the ISO 27002 standard, which provides internationally accepted best practices with standardized criteria for implementing an effective information security management system. The basis for the standard is that information is an organization’s most valuable asset. As a valued asset, information must be managed and protected from internal and external threats. In order to protect its information assets, the organization must develop sustainable security measures and integrate those measures into its business processes. ISO/IEC 27002 assessments provide strategic and tactical direction for assessing, measuring, and preventing threats, and propose a range of security controls focused on safeguarding information assets.
Best Practices Risk Assessment
An information security risk assessment is the process used to identify and understand risks to the confidentiality, integrity, and availability of information and information systems. In its simplest form, a risk assessment consists of the identification and valuation of assets and an analysis of those assets in relation to potential threats and vulnerabilities, resulting in a ranking of risks to mitigate. The resulting information should be used to develop strategies to mitigate those risks.
Sarbanes Oxley (SOX) Assessment
This assessment includes a policy review, an architecture review, and a security practice review. By taking this approach, a security control baseline is compiled for the customer environment. This gives the customer an understanding of the current state of security as well as an accurate roadmap to Sarbanes-Oxley IT security compliance. In addition to the technical reviews and policy inspection, a comprehensive requirements matrix is compiled. This matrix maps the findings to the specific security requirements, as interpreted by the provider, of Sarbanes-Oxley sections 302, 404, and 802.
Gramm-Leach-Bliley (GLBA) Assessment
The GLBA assessment process is designed to identify, measure, manage, and control the risks to system and data availability, integrity, and confidentiality, and to ensure accountability for system actions within financial institutions. This assessment follows the guidelines provided by GLBA and the FFIEC to assess the current level of compliance with GLBA and the relative security of the environment.
Health Insurance Portability and Accountability Act (HIPAA) Security Assessment
Section 164.308(a)(1) of the HIPAA Security Rule requires an organization to conduct a risk analysis. This analysis is required in order to understand the flow of e-PHI (Electronic Protected Health Information) through the organization; its results facilitate the creation of security policies and procedures and support the recommendation to initiate remediation activities related to HIPAA Security compliance. This assessment enables organizations to gain a full understanding of their compliance with HIPAA, provides a gap analysis against current security controls, and provides a remediation plan to achieve full compliance.
Applied Information Economics
Applied Information Economics is a scientific and theoretically sound method that provides measurable improvements for management decisions.
The most important decisions in business and government are also those with the highest uncertainty and the most factors that appear to be immeasurable. Risk, value, performance, and quality are just a few of the factors that need to be measured in order to be managed. Making economically rational decisions is becoming both more important and more difficult.
Yet the most common methods used for assessing risky decisions have been shown to provide mostly a "placebo" effect: management feels better, but there is no measurable improvement in decisions or forecasts. Traditional accounting-style cost/benefit analysis does not quantify uncertainty and often excludes factors that are thought to be unquantifiable. Other methods apply "soft" analysis techniques that add their own errors to the decision process while causing management to feel they are doing something about the problem.
If you are an executive in a position to make big decisions in your organization, you probably have asked yourself many of the following questions:
- How can I compute a return on an investment if most of the benefits seem "intangible"?
- How do I measure and manage risk when there is little historical data on this kind of investment?
- How do I calculate the value of more, better, or faster information?
- Is there any alternative to our subjective and politically driven decision process?
The AIE Solution
Applied Information Economics (AIE) is the first truly scientific and theoretically sound method developed for addressing these dilemmas, even when they are thought to be too soft or uncertain for such methods. AIE uses methods that show independently and scientifically measured improvements to management forecasts and decisions. Even so-called intangibles like information value have proven economic formulae that have been used for years in other areas of business.
Applied Information Economics: A Synthesis of Methods
- Economics
- Operations Research
- Modern Portfolio Theory
- Decision Psychology
- Decision Theory
- Game Theory
- Options Theory
- Quantitative Risk Analysis
AIE synthesizes several methods from economics, actuarial science, decision theory, and Modern Portfolio Theory. It has been widely used in many practical business environments, including insurance, manufacturing, transportation, utilities, banking, .com startups, and media. AIE is a complete-solution methodology that includes training, tools, process documentation, and initial consulting.
Unlike methods that produce arbitrary "scores" or unrealistic ROIs, AIE conducts a true "Risk/Return" analysis that would be recognizable to actuaries, economists, and financial analysts. All measurements are real measurements that are based on proven methods and have a known statistical validity.
AIE provides a measurable improvement for management decisions. It is the only method that can actually compute its own information value. Based on information value, AIE can be shown to be one of the most valuable investments in your portfolio of decisions, and the cost of AIE averages 2% or less of the investments it is used to assess.
In short, the best way to spend 2% of a budget is to figure out how to spend the other 98% in an economically rational way. Contact us at to find out how AIE can solve your management dilemmas.
To find out about our risk assessment services, contact us at sales@aliadocorp.com