Cyber Security Risk Assessment


Our Methodology

Axiom can tailor our security risk assessment methodology to meet almost any objective or scope.

A critical step in building and operating a highly functional information security program is having a baseline knowledge of the risks within your environment. These risks and their associated impacts are unique to each organization and can change and evolve over time due to numerous factors. Companies that lack an understanding of their baseline risk, as well as their desired state of risk acceptance or mitigation, often struggle to deploy the right number of resources in the proper order to mount a sufficient and sustainable defense.

Determining your Inherent Risk

A risk assessment gives security and business leadership insight into the baseline risk that their organization faces (often called inherent risk), along with a relative measure of the risk mitigation achieved through their daily operations and strategic initiatives. A risk assessment serves to document and quantify these values, highlighting where management is adequately performing the measures needed to address its risk and where there may be gaps or shortcomings in its efforts.

Key Deliverables

Identification and documentation of key asset categories within the environment.

Analysis of potential threats and vulnerabilities posed to each of the assets identified.

Mapping of the inherent risk of each asset based on the threats and vulnerabilities posed to each, as well as the impact and likelihood of each threat occurring.

Documentation and analysis of current safeguards/controls/processes that serve to mitigate or reduce the threats and vulnerabilities.

Observations and recommendations for activities that will enable the organization to continue to identify, reduce, or generally manage risk in an efficient and sustainable way.

Integration With Other Common Security Frameworks

Risk assessments are the cornerstone of many security compliance requirements and customer-facing security certifications, such as ISO 27001 or SOC 2.


We generally align our methodology with NIST SP 800-30.

Processes within the environment, or controls drawn from standard frameworks (ISO 27001, NIST 800-53, NIST CSF, etc.), can be overlaid against these risks to illustrate and quantify risk reduction within an organization.
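As an added illustration (not Axiom's tooling or methodology) of the deliverables listed above and of the framework overlay just described: a small risk register that scores each threat's inherent risk from likelihood and impact, overlays the documented controls to obtain residual risk, and records which framework references account for the reduction. The qualitative matrix, the reduction values, the asset, its threats and the control-to-framework mappings are all constructed assumptions for the example, not values from the page or from NIST SP 800-30.

```python
from dataclasses import dataclass, field

# Qualitative scale used throughout; the list index is the ordinal value.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

@dataclass
class Threat:
    name: str
    likelihood: int  # index into LEVELS
    impact: int      # index into LEVELS

@dataclass
class Control:
    name: str
    framework_ref: str         # framework control the safeguard maps to
    likelihood_reduction: int  # levels removed from likelihood (estimate)
    impact_reduction: int      # levels removed from impact (estimate)
    mitigates: list[str]       # names of the threats this control addresses

@dataclass
class Asset:
    category: str
    threats: list[Threat]
    controls: list[Control] = field(default_factory=list)

def risk_level(likelihood: int, impact: int) -> str:
    # Assumption: rounded-up average stands in for the agreed risk matrix.
    return LEVELS[(likelihood + impact + 1) // 2]

def risk_register(asset: Asset) -> dict[str, dict]:
    """Per threat: inherent risk (no controls), residual risk after the
    documented controls are overlaid, and the framework references involved."""
    register = {}
    for t in asset.threats:
        applicable = [c for c in asset.controls if t.name in c.mitigates]
        lik = max(0, t.likelihood - sum(c.likelihood_reduction for c in applicable))
        imp = max(0, t.impact - sum(c.impact_reduction for c in applicable))
        register[t.name] = {"inherent": risk_level(t.likelihood, t.impact),
                            "residual": risk_level(lik, imp),
                            "controls": [c.framework_ref for c in applicable]}
    return register

# Constructed sample: one asset category, two threats, two mapped controls.
CUSTOMER_DB = Asset(
    category="Customer records database",
    threats=[Threat("Ransomware", likelihood=3, impact=4),
             Threat("Insider data exfiltration", likelihood=2, impact=4)],
    controls=[Control("Offline tested backups", "NIST 800-53 CP-9", 0, 2, ["Ransomware"]),
              Control("Least-privilege DB access", "ISO 27001 A.5.15", 1, 1,
                      ["Ransomware", "Insider data exfiltration"])])
```

Calling `risk_register(CUSTOMER_DB)` shows ransomware dropping from Very High inherent to Moderate residual, with both controls cited, while insider exfiltration drops from High to Moderate on the access control alone.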