Risk management is the identification, assessment, and prioritization of risks in order to minimize, monitor, and control the probability and/or impact of unfortunate events (whether malicious or accidental) or to maximize the realization of opportunities undertaken by the business.
Risks arise from a multitude of events, including, but not limited to: uncertainty in financial markets, threats arising from project failures (at any phase, whether design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, as well as deliberate attacks launched by an adversary, or events of uncertain or unpredictable root cause.
There are two types of events: negative events are classified as risks, while positive events are classified as opportunities.
Several risk management standards have been developed over the years. These include standards from the Project Management Institute, the National Institute of Standards and Technology, actuarial societies and ISO. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.
Risk Assessment is fundamental to the security of any organisation. It is essential in ensuring that controls and expenditure are fully commensurate with the risks to which the organisation is exposed.
Risk services we specialise in:
- Risk Assessment
- Fraud Assessment
- Hardening Surveys and Cookbooks
- Application Security Reviews
- Security Design & Product Review
- Penetration Testing
Risk Assessment is fundamental to the information security and productivity of any organisation. It is essential in ensuring that controls and expenditure are fully commensurate with the risks faced by the organisation. Many conventional methods for performing security risk analysis are becoming more and more untenable in terms of usability, flexibility, and criticality – their bottom-line deliverables. Performanta’s systematic risk assessment methodology includes testing and evaluation procedures that are designed to:
- Categorise and identify risks by likelihood of occurrence
- Develop cost-benefit analyses
- Recommend the best technical approach or solution to meet the client’s requirements.
A Fraud Risk Assessment is a process whereby organisations determine their exposure to fraud, whether perpetrated internally by employees, externally by cyber actors, or by a combination of both. The assessment is a review of the controls and operational aspects of an organisation to identify gaps that could potentially be exploited to commit fraud. Performanta helps organisations to mitigate and eliminate occurrences of fraud by creating customised plans and policies, as well as guiding the organisation throughout the implementation of these controls.
Hardening Surveys & Cookbooks
Auditing servers, databases and network appliances to provide best practice hardening guidelines.
Application Security Reviews (Security Analysis)
Enable organisations to manage the following issues:
- System architecture
- Sensitive data
- Database connections & queries
- Input validation
- Session management
- Error handling
- Environmental aspects
Security Design & Product Review
- Architecture Design
- Implementation of Security Principles
- Threat Mitigation
- Security Policies and Procedures
Performanta provides highly skilled penetration testing specialists who examine the current state of your infrastructure, systems, networks and applications to assess the resilience of your security controls and to identify all the ways that an attacker might gain unauthorised access and/or information. To achieve this outcome we perform the following:
- Infrastructure penetration testing
- Application security testing
- Social engineering
- Remote access security testing
- Wireless security testing
- Mobile security testing
- CESG (CHECK) IT Health Check
- CESG CTAS
Penetration testing can be conducted using three main methods: white-box, black-box and grey-box testing.
When undertaking a penetration test, there is no right or wrong decision about employing a white-box, a black-box or a grey-box method; the choice depends on the environment that needs to be tested.
Through the application of rigorous methodologies, the use of automated scanning tools, customised proprietary scripts and manual techniques, we test for exploitable vulnerabilities that could allow unauthorised access to key information assets.
Our reports detail the security vulnerabilities within your infrastructure that could potentially be exploited in an attack. Recommendations on the best methods to secure the environment then follow, customised to the business requirements and aligned with industry best practices.