1/3 of all breaches are associated with authorised users
Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.
Call us on 0800 978 8139
An Information Security Threat & Risk Assessment is the process of defining, locating and categorising the information assets associated with your business, determining the security threats and vulnerabilities associated with those assets, and mitigating those threats in line with your business goals. A good threat & risk assessment should answer the following questions:
It’s the first and most crucial step in information security risk management. It identifies exactly what your business needs to protect, where it’s located and why you need to protect it in real cost impact terms that everyone should understand.
All things originate from conducting this assessment. If you are security testing your systems and have not conducted a threat assessment, you are wasting your time and money, as the objective of any security testing should be access to the information that you are trying to protect.
The outcome provides clear security objectives for your architecture, policies, procedures, employees, testing, incident response and business continuity planning, and should serve as your yardstick for budgeting.
If that’s not reason enough, conducting Information Security Threat & Risk Assessments is internationally recognised best practice and is required for compliance with virtually all governance, risk and compliance frameworks.
An Information Security Threat & Risk Assessment should be conducted at least annually or after any significant change to your systems (e.g. move to a cloud platform) or business processes.
You’ll need to supply the name and number of exterior-facing Internet Protocol (IP) addresses associated with your systems for us to use in conducting the technical security vulnerability assessment. If you don’t know these, don’t panic: our Factory Foreman can help you.