Risk Management Methodology


RedLegg's unique approach to Security Program Development is based on a solid Risk Management Foundation. The Risk Management approach considers the business needs while navigating the complexities of legal, regulatory and security requirements.

Published in: Technology

  1. RISK MANAGEMENT

     RedLegg’s unique approach to Security Program Development is based on a solid Risk Management foundation. The Risk Management approach considers the business needs while navigating the complexities of legal, regulatory, and security requirements.

     RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology applies a lifecycle approach to Risk Management. This lifecycle is applicable regardless of regulatory requirements and is designed to be portable to the unique legal, regulatory, security, and business needs of the organization.

     [Diagram: Risk Management lifecycle (Assess, Remediate, Monitor, Educate, Enforce)]

     Assess
       • Risk Assessment
       • Compliance Gap Assessment / Readiness
       • Vulnerability Assessment
       • Security Controls Review
       • Network Architecture Review

     Remediate
       • Policy and Procedure Development
       • Incident Preparedness Development
       • Network, System, and Data Security Controls Implementation
       • System Hardening / Configuration

     Monitor
       • Data Flow Monitoring
       • Log Monitoring / Management
       • Intrusion Detection
       • Configuration / Change Management
       • Account / Activity Auditing

     Educate
       • Security Awareness Development and Delivery
       • Information Security and Risk Management Workshops

     Enforce
       • Data Loss Prevention
       • Encryption
       • Endpoint Protection
       • Content Filtering
       • Vulnerability Management
       • Wireless Intrusion Prevention

     311 N Aberdeen Ste 300C, Chicago, Illinois 60607 | Tel. 877 811 5040 | Fax. 312 275 7806 | www.redlegg.com
  2. ASSESS

     ISO 27002 Gap Assessment
     RedLegg’s ISO 27002 Gap Assessment provides a comprehensive assessment of Security Policies, Procedures, and Controls currently in place as well as recommendations for enhancements that support regulatory and business requirements.

     Cloud Security Assessment
     RedLegg’s Cloud Security Assessment offering has been developed in accordance with the Cloud Security Alliance framework. RedLegg is committed to participating and driving the security standards associated with cloud computing and sits on the board of the CSA Chicago Chapter.

     RedLegg’s FISAP (Shared Assessment Program)
     RedLegg’s FISAP (Financial Institution Shared Assessment Program) allows clients to reduce their 3rd party audit requirements while providing their clients with increased assurance their data is protected.

     RedLegg’s Anatomy of a Hack
     RedLegg’s Enterprise Security Assessment includes an Anatomy of a Hack that outlines the specific steps the assessor has taken to compromise your environment. This provides a unique perspective from an attacker’s point of view that allows you to focus on the vulnerabilities that present the greatest degree of risk and impact to your environment.
  3. REMEDIATE

     Policy Framework Development
     Developing a comprehensive Risk Management Program begins with a foundation of policies and procedures. RedLegg’s Policy Framework creates the Governance required to manage the security program and is based on the ISO 27002 standard. This approach allows for portability to any applicable regulatory requirements such as HIPAA or PCI.

     Incident Response Plan
     RedLegg’s Incident Response Plan provides the preparedness required to respond to unexpected events. Identifying Roles and Responsibilities as well as testing the plan ensures the organization is able to effectively contain and manage data compromises.

     Security Controls Design and Implementation
     RedLegg’s consultative approach to evaluating, selecting, designing, and deploying security solutions provides clients with the assurance the right solution is being selected in accordance with business requirements. RedLegg’s security solution portfolio supports a full array of vendor solutions and allows clients to implement solutions that support the Monitoring and Enforcement components of the security lifecycle.

     Physical Controls
       • Video Surveillance
       • Access Control

     Network Controls
       • Firewalls
       • Intrusion Detection
       • Content Filtering

     Application Controls
       • Vulnerability Management
       • Access Control
       • Configuration Management
       • Change Management

     Data Controls
       • Endpoint Protection
       • Mobile Device Management
       • Encryption
       • Tokenization

     Security Information and Event Management (SIEM)
       • Log Management
       • Event Monitoring / Alerting

     [Diagram: Policies and Procedures; Physical Controls, Network Controls, Application Controls, Data Controls; Security Information and Event Management]
  4. EDUCATE

     Executive Briefing
     RedLegg’s Executive Briefings present technical vulnerabilities in a business-friendly format, allowing Executive Management to mitigate risk in accordance with business requirements.

     Security Awareness Program Development
     RedLegg’s Information Security Awareness Development provides clients with a fully customized process that is specific to the client’s end user base. Content is developed in accordance with business, legal, and regulatory requirements such as HIPAA or PCI.