Risk Management is the cornerstone of our information assurance philosophy and is central to the planning, budgeting and acquisition process. An initial risk analysis drives how IT security risk will be isolated, minimized, monitored and controlled throughout the enterprise life cycle.
We understand that maintaining a sound information security capability is more of a business process engineering effort than a technical solution. Our “Risk-Based” methodology has three phases: Assessment, Implementation and Maintenance.
Assessment Phase: We perform an assessment of the capability in question and determine the nature and causes of any weaknesses.
Implementation Phase: We implement the solution using the appropriate configuration management techniques and guidelines.
Maintenance Phase: We provide continuous monitoring and maintenance to ensure that the solution is working appropriately.
As the basis for our Risk Assessment, we review your IT environment using the most comprehensive industry security, test and evaluation methodologies, including FISCAM, DITSCAP, NIACAP, NIST-Self Assessment, COBIT, and forensic and vulnerability/penetration tools. We apply these methodologies in conjunction with interviews, documentation reviews, industry research, technical tests and our past “lessons learned” to establish a clear picture of where, what, and how to apply controls.
Success Story: The success achieved through our direct approach was highlighted when the Department of Labor's Employment Standards Administration (ESA) utilized Radius Technology Group's outstanding services and support in designing templates for all security documentation. Radius provided systems testing and audit services to ensure all systems were in compliance with ESA IT Security standards. Further, Radius prepared all certification and accreditation packages for final approval. Our detailed and customer-focused support resulted in full "Authorization to Operate" for all ESA systems.