The potential of an undesirable or unfavorable outcome resulting from a weakness or gap that has been exploited by threats due to a given action, activity and/or inaction.
RISK REGISTER DEVELOPMENT
No matter what industry you operate in, or how mature your security infrastructure may be, we all deal with risk on a daily basis. Having a clear and understandable picture of where those risks are coming from and what your organization is doing to mitigate them is an imperative tool for anyone responsible for an organization’s cybersecurity program. Whether starting from scratch or simply refreshing your existing risk register, The Mako Group can assist your team through the process to ensure that your new risk register is thorough and effective.
The Mako Group’s team will work closely with your organization’s stakeholders to gain an appreciation for the existing risk management process, as well as review any existing risk tracking materials. Using this knowledge combined with The Mako Group’s experience and industry best practices, an initial assessment will be made against a framework of your organization’s choosing (NIST CSF, ISO 27001, etc.) using The Mako Group’s proprietary risk register methodology. Through personnel interviews, process evaluation and policy and procedure review, The Mako Group will assess your organization’s risk likelihood per control, potential impact and compensating controls.
Taking each of these factors into account, The Mako Group will provide your organization with a final risk evaluation. These scores will provide insight at a high level to better understand areas in which improvement is needed, but also specific to each control. This provides the granular detail needed to better understand which controls specifically are presenting your organization with the most risk. The result is a tool that will serve your organization with the details needed to not only understand the current risk environment, but to develop a roadmap to mitigate those risks in an effective and timely manner.