We work with lines of business to predict future risks and, in so doing, open up new business opportunities that offer real competitive advantage. We do this using our comprehensive, proactive, threat-centric risk management approach and thought leadership service, built on industry-recognised methodologies grounded in sound theoretical principles that address Policies, Process and People. It is based on the Risk IT principles, which extend COBIT (the globally recognised IT governance framework) and are designed to have sufficiently low overhead that they can be used in real, time-constrained scenarios.
This scenario is based on real case study material. By the very nature of the services Cordon Sanitaire offers, and to maintain client confidentiality and security, it is a condition of all engagements that references or case studies cannot be directly associated with clients.
The client engaged us to bring risk in line with the defined risk tolerance for the enterprise after due risk analysis, and to introduce Cyber Threat Defence Intelligence into the GRC (Governance, Risk and Compliance) methodology.
This was in response to a recognition that, over time, the overall risk status of the enterprise had changed. The risk assessment was increasingly being influenced by the business use cases for IT, which expanded a dependency on public network interconnectivity without a corresponding adjustment for the evolving Advanced Persistent Cyber Threat operating environment. This evolution in practice was a response to a valid need to deliver business performance automation and integration with third-party systems and networks for competitive advantage. It demonstrated how easy it was for the business to step over its own risk red lines.
This engagement addresses IT Risk with Cordon Sanitaire's Threat Risk methodology, which acknowledges the realities of Cyber Security through the acquisition and analysis of information to identify, track and predict cyber capabilities, intentions and activities. Although other risks the enterprise faced, including strategic risk, environmental risk, market risk and credit risk, were excluded from the terms of reference, the IT and Threat Risk assessments adopted a holistic view that included the non-IT dimensions of operational and compliance risk. In many enterprises, IT-related risk is considered a component of operational risk, and even strategic risk can have an IT component, especially where IT is the key enabler of business initiatives. The same applies to credit risk, where poor IT (security) can lead to lower credit ratings. For that reason we undertook the risk assessment phase of the project cognisant of the dependency on IT across other risk categories. The threat intelligence cycle is the backbone of the Cyber approach to traditional IT Risk, as illustrated below:
In executing this brief, a comprehensive risk management methodology was used, based on sound theoretical 'Risk IT' principles extended with Cordon Sanitaire's 'Threat Risk' approach. Risk IT extends COBIT, the globally recognised IT governance framework, and is designed to have sufficiently low overhead and complexity that it can be used in real, time-constrained operations. Because of its solid theoretical foundations, it avoids many of the limitations and problems common to other risk management approaches and provides the agility to address the ever-changing landscape of enterprise risk.
To address the organisational need for:
The project was phased with the following Risk Assessment baselining deliverables:
We were engaged to help document and review core business processes and adjust them in recognition of the resetting of the enterprise's risk and Cyber threat-based defence profile across the areas noted above. Following this, we were retained to provide a continuous watching brief to ensure adjustments were made in response to the ever-changing threat landscape.