IT Risk Assessment Objectives

  • Identify critical information

  • Inventory supporting assets

  • Assess threats to assets and information

  • Evaluate risks

[Figure: IT Risk Assessment Venn Diagram]


IT Risk Assessment

Information is prolific in today's business environment. Understanding the people, processes, and technology that interact with sensitive and mission-critical information is vital knowledge for any information security program.
At Coalfire, we understand that risk assessment is the single most important information security activity that an organization can perform. A risk assessment should help define the appropriateness and fitness of the security controls required within the organization, allowing the organization to make informed risk treatment decisions and investments.
Coalfire's Risk Management services are structured to be "information centric" rather than technology centric, to help organizations understand the relevance of threats and vulnerabilities to their business. Since information ultimately drives the security requirements for processes and assets, our risk management services help organizations understand not only the real risks to technology assets, but also the level of control necessary to reduce those risks.
Coalfire provides our Risk Management services through efficient processes and automated solutions that help collect risk information, analyze it, and rationalize control treatments. Our risk assessment process is closely aligned with NIST 800-30 (Risk Management Guide for Information Systems), NIST 800-60 (Mapping Information and Information Systems to Security Categories) and the FIPS 199 standard. Coalfire offers three discrete risk assessment services to help enable the full risk management lifecycle:

General Information Risk Assessment
Coalfire's General Security Risk Assessment service systematically inventories and assesses the risks to data confidentiality, integrity, and availability, allowing organizations to assess a broad range of threats and risks. These processes include:
  • Facilitating formal definitions for availability, integrity, and confidentiality requirements;
  • Inventorying and characterizing business processes against these requirements;
  • Inventorying and characterizing the information systems used in the delivery of information to business users and processes;
  • Establishing threat profiles;
  • Identifying physical, technical, and administrative vulnerabilities;
  • Formally understanding risks to data confidentiality, integrity, and availability.
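The steps above map onto the standards named earlier on this page: FIPS 199 / NIST SP 800-60 categorize a system from the information it handles, and NIST SP 800-30 rates each threat by likelihood and impact. The following is an added example, not Coalfire's own tooling or method; the information types, impact levels and threat profile are constructed for illustration.

```python
from enum import IntEnum

class Impact(IntEnum):
    """FIPS 199 potential impact levels for a security objective."""
    LOW = 1
    MODERATE = 2
    HIGH = 3

# Constructed sample: information types mapped to (confidentiality, integrity,
# availability) impact levels in the style of NIST SP 800-60. Real values come
# from the requirement definitions agreed with the business, not this table.
INFO_TYPES = {
    "payment card data": (Impact.HIGH, Impact.HIGH, Impact.MODERATE),
    "protected health information": (Impact.HIGH, Impact.HIGH, Impact.MODERATE),
    "public marketing content": (Impact.LOW, Impact.MODERATE, Impact.LOW),
}

def categorize_system(info_types):
    """FIPS 199 high-water mark: per objective, the system takes the highest
    impact level of any information type it stores or processes."""
    levels = [INFO_TYPES[t] for t in info_types]
    return tuple(max(level[i] for level in levels) for i in range(3))

# NIST SP 800-30 (2002) risk-level matrix: likelihood weights and impact
# scores whose product is binned into Low (1-10), Medium (>10-50), High (>50).
LIKELIHOOD = {"low": 0.1, "medium": 0.5, "high": 1.0}
IMPACT_SCORE = {Impact.LOW: 10, Impact.MODERATE: 50, Impact.HIGH: 100}

def risk_level(likelihood, impact):
    score = LIKELIHOOD[likelihood] * IMPACT_SCORE[impact]
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"

def assess(info_types, threats):
    """Rate each threat against the objective it affects (0=C, 1=I, 2=A),
    using the system-level impact from the high-water mark."""
    category = categorize_system(info_types)
    return {name: risk_level(likelihood, category[objective])
            for name, objective, likelihood in threats}

if __name__ == "__main__":
    # Constructed threat profile: (threat, objective index, likelihood).
    threats = [("misconfigured database exposes records", 0, "low"),
               ("ransomware on file servers", 2, "medium"),
               ("unauthorized change to billing records", 1, "high")]
    for threat, level in assess(["payment card data", "public marketing content"], threats).items():
        print(f"{level:6} {threat}")
```

Because the high-water mark carries the most sensitive information type's level up to the whole system, adding a low-impact type to a system never lowers its category; the result still has to be reviewed against the confidentiality, integrity and availability definitions from the first step.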

Compliance Risk Assessment
Our Compliance Risk Assessment is similar to our General Security Risk Assessment in terms of activities, but focuses exclusively on regulated or classified information that requires stringent levels of control, such as:
  • Personal Financial Information (PFI);
  • Protected Health Information (PHI);
  • Payment Card Data;
  • Personally Identifiable Information (PII), such as driver's license numbers, social security numbers, and student records;
  • CAML Scores.

For more information on Coalfire's IT Risk Assessment services, please contact: