R.I.S.C. Associates is a regulatory compliance consultancy and compliance automation tools developer that helps organizations across the country meet Regulatory and Corporate requirements through proper governance, risk and compliance (GRC) practices. We are trusted advisors to our clients and, as practitioners who have been on both sides of the table, we bring a unique and practical perspective to understanding your environment.
The information security risk assessment is the hub of the information security program. It drives everything from policy to program to testing to defining the audit plan. We will examine system-level risk as well as process-level risk and determine whether the controls around those components are sufficient to protect systems and sensitive data from threats.
General Controls Audit
Key controls must be tested annually. RISC Associates will conduct a series of tests to verify that controls are in place and effective and that they meet requirements to protect sensitive data and systems. RISC understands that not all controls meet textbook definitions and that there are compensating controls within every organization's infrastructure. RISC will use its experience to take into consideration any such controls as it determines their adequacy in protecting the enterprise.
Policy provides a consistent approach to operational procedures that ensures that the enterprise will function the same way day-in/day-out regardless of who executes those procedures. It brings predictability to operations and REDUCES RISK! Anyone can download policy from the web but all too often it has nothing to do with the way you conduct your business. We take a practical approach to policy development by assessing your environment and developing policy that actually works within that environment.
A penetration test subjects a network or system to real-world attacks to test and determine the effectiveness of existing controls. The benefit of a penetration test is to identify the extent to which a system can be compromised before the attack is identified and assess the response mechanism's effectiveness.
More than 60 percent of all compromises occur from within the institution or by someone with knowledge of it. Having a hard exterior and not worrying about the inside is a huge mistake. Our vulnerability assessment will examine Operational, Network, Host, Workstation, Physical and Firewall security.
Incident Response Plan Development
An Incident Response Plan establishes policies and procedures for reporting major information technology (IT) incidents that may compromise the availability, integrity, and confidentiality of the institution's technology resources. The purpose of the plan is to facilitate cooperation and information exchange among all personnel who have responsibility for detection, reporting, and notification of security incidents.
DR/BC Plan Development
The purpose of the Business Continuity and Disaster Recovery Plan is to ensure that the institution has adequate availability of critical resources and that it can restore basic services and maintain the continuity of operations during an emergency situation. The Plan should aid in ensuring organizational stability through an orderly recovery process in the event of significant problems and interruptions.
Board Involvement is the first of 5 key GLBA 501(b) regulatory requirements that must be complied with regardless of whether you're a bank or a credit union. A high-level understanding of today's driving regulatory issues empowers the Board to make educated decisions about how to protect the institution and the consumer. The Board is ultimately responsible for protecting the institution and is responsible for ensuring that there are programs, policies and procedures to ensure the following:
1) Protection of sensitive data and systems
2) Detection of abnormal activity
3) Response to that abnormal activity
4) Governance: managing and enforcing the program
We understand that Board members are not necessarily banking professionals and that they come from other walks of life. Thus, our Board Training session educates the Board members or any Supervisory/Executive Committee members on the Whats, Whys and Benefits of being compliant. Education is the first step in making intelligent business decisions.
We know that your schedules are quite busy, so the training can be conducted day or evening. This is an interactive session focused on creating discussion and information security awareness at the top.