CTRL Groups Risk Assessment is a data-centric risk methodology that examines the critical data groups within your organization from the ground up. Through workshops with the data owners within the organization it assesses the impact of a loss of confidentiality, integrity, accountability and availability on the business from multiple perspectives including financial, reputational, legal, the company mission and others. From there methods of storage and access are catalogued and mapped to the data categories. Each of these then have their security controls assessed against industry best practice, taking into account both internal and external access paths. This is conducted both through a security evaluation platform and in workshops with data owners, the risk authority and control authority.
The resulting exposures are heat mapped across all data categories and environments clearly revealing risks in confidentiality, integrity, accountability and availability.
Wherever a gap in security controls presents itself, our team provides a list of recommended actions to eliminate or reduce the risk.
Why Is This Important
- Provides important evidence that in the event of a breach your organization has done its due diligence and made every effort to harden your security posture.
- Puts management on the same page as to what data is business critical and draws a line on acceptable risk when it comes to handling data.