Information Risk Management
Lack of clarity regarding the true risk
companies face causes problems when addressing internal and external threats.
Since information risk management is an important component of enterprise risk
management, the processes, methods and metrics used to define information
security risks need to be integrated within the larger context of organizational
risk. ApZen is one of the few information security management consulting firms
to offer end-to-end services in this area.
SOLUTIONS SHOWCASE
Governance
In the Board Briefing on IT Governance, ITGI defines governance as the
set of practices exercised by the board and executive management with the goal
of providing strategic direction, ensuring that the objectives are met,
ascertaining that the risks are managed appropriately and verifying that the
enterprise's resources are used responsibly. Since information is one of the
biggest assets of an organization, senior executives and boards of directors are
progressively being tasked with defining governing organizational policy
statements about information security. ApZen's management consultants can offer
guidance in creation of these organizational policies through their depth of
information security expertise as well as domain knowledge in wide array of
industries.
Information Security Strategy & Roadmap
Any information security organization must be closely tied with organizational
business objectives. The objective of an information security strategy is to
provide the basis of an action plan that can help achieve the security
objectives necessary for the success of the business. The strategy must also
provide well-defined metrics to determine the level of success. ApZen's
proprietary LOCKS methodology can be used to map organizational business
principles to a long-term security strategy and a detailed roadmap defining an
action plan for how to get there.
Risk Assessment
Risk assessment is understanding the delta between organizational risk appetite
and the existing state of affairs. ApZen has a proprietary risk estimation model
that can be used to determine the extent of risk as a result of an existing
business process and/or system and the protection that is prudent based on
business requirements, objectives and priorities. We also provide a risk
acceptance model which can be used to accept the risk if mitigation
possibilities don't make sense because of opportunity, cost or business domain.
Standards, Procedures & Guidelines
Standards, procedures and guidelines are the tools that are used to implement
the organizational information security policies. ApZen has extensive domain
expertise in this area. We specialize in generating customized standards,
procedures and guidelines based on your business domain as well as tactical and
strategic business needs.
Data Classification
The first step in protecting data is to classify the data you have. ApZen can
work with you on defining an appropriate data classification mechanism for your
organization and help build that data classification mechanism into your data
warehouse.
Information Security Integration in SDLC
It is a well-known software engineering principle that the later you fix
problems in the software development lifecycle, the more expensive they are to fix.
The same principle applies to information security as well. Information security
should be considered from the inception of a project. Detailed information
security requirements should be identified from the very beginning and should be
integrated throughout the SDLC. ApZen can analyze your existing SDLC and integrate
information security principles therein.
Merger & Acquisition Advice
Organizations can inherit significant liability if proper due diligence is not
done to ensure appropriate information security controls in acquired
organizations. As a result, information security due diligence is becoming a
routine part of merger and acquisition activities. ApZen is a respected service
provider in this arena. With our experienced management consultants, we can
judge the maturity of information security practices of an organization and
provide an objective recommendation on this data point.