Business IT Risk Assessment (BIRA) is a professional service offered by EthiSEC to help you identify your businesses risks. The primary focus of the BIRA service is to investigate an organisations Information Technology (IT) platforms, related operational policies, processes and procedures to identify and quantify risks.
Why you may need this service
The reality is business directors and managers have a moral and more importantly a legal responsibility to understand their businesses, and any actions that may affect business performance. We live in a digital age where Information has become a vital business resource, integral to many business operations.
While IT has made many business processes faster and simpler the technology platforms employed have also added new risks and complexities to the business environment. These risks need to be identified and managed in a timely and effective manner to ensure the directors and managers can meet their legal responsibilities.
What does this service review?
Modern IT Infrastructure is made up of many varied forms of connected technology including, computers, fixed and mobile phones, faxes and printers and the networks that provide access to an organisations stored information.
Apart from being powerful business tools, computers are used as the modern filing cabinet. Unlike traditional filing systems which are locked inside business premises, many computers leave the premises daily. Todays computers along with other business tools such as smart phones are also connected to the world by the Internet. While Internet connectivity has delivered many benefits to businesses, unfortunately it has also introduced new and ever increasing threats and risks.
For any business to be able to make the most of its Information it must have well developed plans to maintain the fundamentals of information security.
- Availability or continuous, reliable access to the information
- Integrity to ensure the information is correct and the organisation is trustworthy
- Confidentiality to ensure privacy is maintained
Serious consequences may result from a lack of appropriate Information management. Implementing strategies to manage these three simple concepts can significantly reduce your exposure.
Who is this service for?
Our Business IT Risk Assessment (BIRA) service delivers a high level “snapshot” of the overall IT security posture of an organisation. The BIRA service is recommended for organisations:
- Who are not aware of their responsibilities in regards to Information Security
- Who are not fully aware of their current information risks or IT “Security posture”
- Who see value in a regular “health check” of the business and its IT systems to manage the constantly changing technologies and threats to it.
This service can be purchased on an ad-hoc basis to identify and document the current security posture of the organisation. EthiSEC recommends regular assessments as part of an ongoing maintenance régime.
EthiSEC’s Ethidology™ is an in-house developed professional services methodology based on industry best practices and experience gained from client engagements performed over many years.
EthiSEC’s BIRA service utilises our Ethidology to take a comprehensive top-down, business wide view of Information use and storage.
Our Ethidology looks at the business context, along with the people, processes and technology aspects of a business’s information use.
The assessment process includes:
- Client interviews
- On-site and remote assessment and testing
- Report development
The assessment process makes use of industry standard and in-house developed tools that enable us to deliver a timely, repeatable and quality deliverable.
The final component of the assessment is a report that provides a detailed yet easy to understand “plain English” view of any identified issues.
Each identified issue is rated with a severity indicator and suggested best practice remediation action/s. EthiSEC also provides an interactive walk-through of the report with the businesses key stakeholders to ensure they have a good understanding of all findings and any follow-up activity that may be recommended.
EthiSEC’s BIRA identifies technology risk to your business that may not be obvious to management or your IT support staff. The key insight this assessment will provide is visibility of often invisible issues or risks. This increased visibility returns control to business owners, and managers and enables them to make timely and effective value decisions to mitigate the identified risks.
By improving business processes, procedures and risk mitigation strategies you will reduce your overall risk posture. While we can’t guarantee it you will also reduce your stress and increase your confidence in your ability to make money. If you would like more information call EthiSEC on 1300 67 22 75 to arrange a meeting with an Information Security consultant.