IT Security Risk Management

Build a strong and secure IT department with IT security risk management.

Viruses, worms, trojans, and hackers are no longer the only threats that face IT departments.

Today, companies rely on IT more than ever to get business done, so they face tremendous risks to the confidentiality, availability, and integrity of their information assets.  In addition, new regulations and laws mean that executives must be certain that they are protecting the sensitive data on their computer networks and ensuring that their IT investments are being properly managed.

The Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and other laws set strict requirements that affect companies’ IT infrastructures. The penalties for noncompliance are high.   In addition to financial and reputational loss, some of these add the threat of stiff penalties—including jail—to ensure compliance.

L&A’s IT risk management team helps clients interpret regulations and policies and understand how they affect their businesses.  We then help clients prove that they have met the requirements or assist them with becoming compliant.

The team identifies the requirements with which businesses need to comply; assesses the level of compliance; provides a graphically formatted risk scoring evaluation; and then puts into place the necessary protocols to ensure that the client remain in compliance.  We use a consultative approach to helping mitigate IT risk that includes:

  • Auditing a client’s policies, procedures, and technological resources to gather data on what’s in place and what threats exist to a client’s IT department, including hackers, insider attacks, poor governance, and noncompliance with regulations.
  • Conducting external penetration testing and internal vulnerability assessments.
  • Providing a clear and easily understandable risk prioritization matrix.
  • Offering specific recommendations to help mitigate the risks discovered.  These can range from new security policies to improved access control systems and stronger IT control processes.

Our team of IT risk managers is expert in a range of complex, internationally accepted frameworks that are designed to build strong and secure IT departments.  Some of the frameworks we use to reduce IT risk include:

  • ISO 17799 (Code of Practice for Information Security Management)
  • The Committee on Sponsoring Organizations of the Treadway Commission (COSO)
  • Control Objectives for Information and Related Technology (CobiT)
  • Payment Card Industry (PCI) Data Security Requirements