The primary purpose of a Risk Assessment is to provide a measure of the relative threats to and vulnerabilities of a system, network or even organization, so that security resources can be effectively distributed to minimize potential loss. More specific benefits of a risk assessment include:

• Identifies threats, vulnerabilities, and likelihood of occurrence of the threat on the vulnerability being exploited

• Creates cost-effective mitigation (safeguard) recommendations

• Defines measures for adequately protecting assets and information

• Defines security requirements of an application/system

• Provides greater assurance of maintaining availability of assets and information

• Limits liability by proving due diligence and compliance

• Allows management to make a reasoned decision to determine adequate security for the system or application

The risk assessment, or portions thereof, can also effectively be put to use at various stages of a systems life cycle. For example, when performed during a systems design, a risk assessment becomes the premier tool for evaluating the sensitivity and criticality of the proposed system and helps you to determine what controls are appropriate commensurate with the system's needed level of protection. In essence, it supplements the effort of defining the system's security requirements. Furthermore, this information is invaluable for drafting or refining a system security plan.

The Prometheus Group's Risk Assessment process is also fully FISMA and DIACAP compliant for our federal customers and works equally well for our State, Local and commercial customers. If you need help assessing your risk, contact us today!