NIST 800-30 Risk Assessment
A risk assessment requires that management identify, assess, measure, mitigate, and monitor the risks that may be present due to the type of services offered and the systems employed to deliver those services. Generally, scoped-out risk assessments are asset-focused and qualitative in nature. In a qualitative approach, we assign a rating to each risk and countermeasure, derived from a consensus opinion of E3 and the organization being tested. We develop scenarios to lay out the possible threats and their potential likelihood and impact. We then factor in compensating and mitigating controls to determine the residual risk the organization may have with regard to its critical assets.
The NIST 800-30 risk assessment framework is widely recognized as one of the most comprehensive risk assessment processes. E3 has more than 15 years of experience guiding both large and small state and federal agencies through the NIST 800-30 risk assessment. The key thing to understand is that adopting this framework gives an organization an ongoing process to continually assess and manage risk related to its IT assets.