Risk management is the identification, assessment, and prioritization of risks in order to minimize, monitor, and control the probability and/or impact of unfortunate events (maliciously or mistakenly) or to maximize the realization of opportunities undertaken by the business.
Risks arise from a multitude of events, including, but not limited to: uncertainty in financial markets, threats arising from project failures (at any phase, albeit design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks launched by an adversary, or events of uncertain or unpredictable root-cause.
There are two types of events: Negative events are classified as risks while positive events are classified as opportunities.
Several risk management standards have been developed over the years. These include the Project Management Institute, the National Institute of Standards and Technology, actuarial societies and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.
Risk Assessment is fundamental to the security of any organisation. It is essential in ensuring that controls and expenditure are fully commensurate with the risks to which the organisation is exposed.
Services in this section:
- Risk Assessment
- Fraud Assessment
- Hardening Surveys and Cookbooks
- Application Security Reviews
- Security Design & Product Review
- Penetration Testing
Risk Assessment is fundamental to the information security and productivity of any organisation. It is essential in ensuring that controls and expenditure are fully commensurate with the risks faced by the organisation. Many conventional methods for performing security risk analysis are becoming more and more untenable in terms of usability, flexibility, and criticality – their bottom line deliverables. Performanta’s
systematic risk assessment methodology includes testing and evaluation procedures that are designed to:
- Categorise and identify risks by likelihood of occurrence
- Develop cost-benefit analyses
- Recommend on best technical approach or solution will meet the client’s requirements.
A Fraud Risk Assessment is a process that organisations undertake to determine their exposure to fraud, form either internal resources and external cyber actors. The assessment is a review of the controls and operational aspects of an organisation to determine where gaps exist that could cater for the occurrence of fraudulent activities. Performanta can help organisations to mitigate and eliminate occurrences of fraud by creating customised plans and policies as well as guiding the organisation in the implementation process of these controls.
Hardening Surveys & Cookbooks
Auditing servers, databases and network appliances to provide with best practice hardening guidelines.
Application Security Reviews (Security Analysis)
Enable organisations to manage the following issues:
- System architecture
- Sensitive data
- Database connections & queries
- Input validation
- Session managements
- Error handling
- Environmental aspects
Security Design & Product Review
Performanta’s security experts will conduct a reviews of the following:
- Architecture Design
- Implementation of Security Principles
- Threat Mitigation
- Security Policies and Procedures
Performanta provides highly skilled penetration testing specialists who examine the current state of your infrastructure/System/Network/Application to assess the resilience of your security controls and to identify all the ways that an attacker might gain unauthorised access and/or information, e perform the following:
- Infrastructure penetration testing
- Application security testing
- Social engineering
- Remote access security testing
- Wireless security testing
- Mobile security testing
- CESG (CHECK) IT Health Check
- CESG CTAS
Penetration Testing has 3 main methods to conduct security tests:
When commissioning a penetration test, there is no right or wrong decision about employing a white-box, a black-box or a grey-box method, it depends on the environment that needs to be tested.
Through the application of rigorous methodologies, the use of automated scanning tools, customised proprietary scripts and manual techniques, we test for exploitable vulnerabilities that could allow unauthorised access to key information assets.
Our reports detail the security vulnerabilities within your infrastructure that could potentially be exploited in an attack. Recommendations on the best methods to secure the environment are then followed and are customised to the business requirements and according to industry best practices.