Risk Management & Assessments

Stop managing information security. 

Start managing enterprise risk.

Risks. We deal with risks every day. Crossing the street, driving our cars, choosing the next task we will work on. Each activity involves managing risks in our lives, mitigating some and accepting others.

In the business world, risk management is a bit more complex but is not rocket science. Risk management is integrating risk recognition, risk assessment, developing mitigation or management strategies, and implementing mitigation  measures. The objective of risk management is to reduce the predictable risks to the organization to an acceptable level.

To manage specifically security risks, you need to accomplish four major objectives:

  • Establish security policy
  • Assess risk to better understand vulnerabilities
  • Implement the right amount of protection
  • Measure and enforce compliance

RondoTech consultants are highly skilled in developing, assessing, and enhancing information security management systems and the tactical operations that implement the systems. Whether your firm wishes to leverage NIST 800-53 or ISO-17799 / ISO/IEC-27000, we can help you. Today.

Contact us for a free, high-level risk management assessment.

Sample Projects

Developed Internet Banking System Risk Assessment Toolkit

Assessed IT Security Environment for ISO-17799 Compliance



Mitigate or Accept?

There are several paths to take once a risk has been identified: mitigate the risk, accept the risk,  transfer the risk to someone else, or ignore the risk. Understanding your organization's risk appetite, the magnitude of the risk, and the probability that the risk will lead to an incident are the first tasks in determining how to handle risks.

Performing a risk assessment organizes and analyzes the risks and surrounding situations to provide management with the information required to decide how to handle the risks. Risk Assessments also establishes relative importance of the risk so you can determine which to deal with first.

Otherwise, you are just guessing.


2008 RondoTech Consulting, Inc.