From Realization to Resolution

“The objective of risk management is to assure uncertainty does not interfere with the achievement of business goals.”

Getting your arms around this important business function can often seem impossible, but Centripetum is here to help you build a roadmap and develop a program to start down that journey. Every organization is different, so we customize our approach to your needs, expectations, budget, and risk tolerance.

Risk management always starts at the top.  Governance services include…

  • Consulting – Supported roles include CISO/CRO, CIO, and CFO/Controller
  • Governance and Ownership Planning
  • Vision Achievement – Define the Future State, Build a Roadmap and Milestones
  • Policy Development – Establish Organizational Structure, Meet Legal Standards and Requirements
  • Standards Implementation – Apply Recognized Governance Best Practices, such as the ISO/IEC 27000 series and COBIT

Operations and Management services make sure risk and security controls are effectively implemented…

  • Management and Succession Planning
  • Systems Consulting – System Administration, Network Architecture
  • Process and Procedure Development
  • Configuration and Change Management
  • Business Continuity Planning
  • Incident Response Programs
  • Breach Notification Laws and Requirements
  • Forensic Advisement

You can’t fix the problem until you know what it is.  Vulnerability services include…

  • General – Policy and Procedure Reviews
  • Physical – Walk-downs, Penetration Tests
  • Network – One-Time or Scheduled System Scans, Detailed Configuration Reviews of Infrastructure and Endpoints
  • Insider – Environmental Assessments, Role and Responsibility Assessments

Moving from the current state to the future state always requires a hard look in the mirror.  Assessment services include…

  • Risk Scoring
  • Maturity Modeling (CMMI)
  • Remediation Planning
  • Legal Risk Expectations – Cyberlaw at the State, Federal, and International Levels
  • Compliance Risk Expectations – Data Privacy, Credit Card Processing, Health Information

Remediation may require addressing and updating numerous elements of the organization, including…

  • Policy, Program, Process, and Procedures
  • Physical Environment/Construction
  • Systems Architecture
  • Employee and Contractor Training
  • Reconfigurations of Systems and Processes
  • System Upgrades and New Deployments

Perhaps the single most important risk activity is monitoring: if you aren’t regularly looking for problems, you will only learn they are there when it’s too late. Monitoring services include…

  • Continuous Monitoring – SIEM Monitoring, Network Scans, Vulnerability Scans
  • System Reviews – Infrastructure and Endpoint Logs
  • Reporting – Weekly/Monthly Reports, Situational Awareness Meetings
  • Planned Change Consulting – Mission/Vision Adherence, New Projects, Systems Acquisitions

From insurance companies to the Federal government, audits are increasingly required to demonstrate your due diligence in managing risk. Find out where you stand before they happen…

  • Self Assessments – Determine Governance Engagement and Oversight of Risk Programs
  • Compliance – Identify Problems Before Others Do (SOX, PCI DSS, HIPAA, FERPA, NERC CIP, IRS 1075)

An organization is only as strong as its weakest component.  Management and staff must be ready to handle new operational paradigms through…

  • Education – Business Management, Planning, Documentation Maintenance, One-on-One Sessions
  • Training – Technical Tools, Software and Hardware, Ops Management Best Practices
  • Culture Modification – Configuration Management, Six Sigma, Lean, Total Quality Management (TQM)