Information-centric services to
understand threat and vulnerability.
Information is prolific in today's business environment. Understanding the people, processes, and technology that interact with sensitive and mission-critical information is vital knowledge for any information security program.
At Coalfire, we understand that risk assessment is the single most important information security activity facing an organization. Risk assessment should help define the appropriateness and fitness of security control required within the organization, allowing it to make informed risk treatment decisions and investments.
Coalfire's IT Risk Assessment services are structured to be "information centric", rather than technology centric, to help organizations understand the relevance of threat and vulnerability to their business. Since information ultimately drives security requirements for processes and assets, our risk assessment services not only help organizations understand the real risks to technology assets, but also the level of control necessary to reduce risk.
Coalfire provides these services through the use of efficient processes and automated solutions that help collect risk information and analyze and rationalize control treatments. Our risk assessment process is closely aligned with NIST 800-30 (Risk Management Guide for Information Systems), NIST 800-60 (Mapping Information and Information Systems to Security Categories) and FIPS 199 and standards. Coalfire offers two discrete risk assessment services to help enable the full risk management lifecycle.