RISK ASSESSMENT

Assess your company’s security risks and identify your potential exposure

Start building a well-functioning IT security program by understanding your security and privacy risks

GET A $2,000 CREDIT AGAINST YOUR FIRST RISK ASSESSMENT

Our Approach

STN IT Risk Assessment

The STN Risk Assessment is a true Residual Risk Assessment which informs our clients of the amount of risk or danger associated with a threat remaining after inherent risks have been reduced by risk controls.

Our IT Risk Assessment produces practical and actionable recommendations to reduce the greatest risks to your sensitive data and systems.

STN starts by defining the key concepts and information flows of your organization. Once this is completed, a comprehensive list of threats and vulnerability pairs are created and an initial risk assessment is conducted across four probability groups. This allows STN to develop control recommendations for each of threat-vulnerability pairs and reduce the impact of the threat on your organization. Finally, STN creates a true Residual Risk Assessment which informs you of the amount of risk or danger associated with a threat remaining after inherent risks have been reduced by risk controls.

Do you need an assessment?

If you answer NO to any of these questions –
contact us today.

PEOPLE

Are they trained to recognize poor security practices? Are they able to be bastions for the protection of your organization?

PROCESS

Do you have processes and procedures in place & documented?
Can you prove your processes to a Security Auditor?

TECHNOLOGY

Are they trained to recognize poor security practices? Are they able to be bastions for the protection of your organization?

Get a $2,000 Credit Toward Your First Risk Assessment.

The STN Risk Assessment Process

Determine the residual risk after inherent risks have been reduced by risk controls.

STEP 1

Define Key Concepts & Information Flows
  • Information Assets
  • Impact Area
  • Asset Flow Diagrams

STEP 2

Define Threats & Vulnerabilities
  • Technical
  • Physical
  • Social
  • Disaster Events

STEP 3

Initial Risk Assessment Probability
  • Human — Deliberate
  • Human — Inadvertent
  • Technical Failure
  • Disaster — Natural & Manmade

STEP 4

Control Recommendations
  • Decrease Threat Scenario Probability
  • Decrease Impact
  • Enhance incident Response Capabilities
  • Enhance continuity and disaster Recovery

STEP 5

Residual Risk Assessment

Understand the level of Risk and danger with remaining threats

Why STN IT Security Assessment Services?

Proven Experience

Experience is more than expertise. It means having your eyes and hands in multiple technology environments, company support of continuing education, and numerous certifications in a wide range of security practices. Industry standards for security change with technology, market demands, and shifting perceptions of risk. STN security professionals are able to maintain standards that exceed the industry because security is all we do. We seriously love this stuff. Let us prove it to you.

Proactive Understanding

Trust is earned. Every engagement is an opportunity to strengthen the trust we have earned and the trust we share through mutual understanding. At STN, we all play our part, but the proof is in the perception of the client. As we trust each other more and more, we become greater than the sum of our parts, and the client is served through truly dynamic insight.

Why STN IT Security Assessment Services?

We provide clients with a highly adaptable and prescriptive approach to meet their needs. Rather than a hindrance to business, your compliance program will become part of a proactive strategy:

  • Gathering data regarding your information and technology assets
  • Determining threats to assets, vulnerabilities, existing security controls and processes, and current security standards and requirements
  • Analyzing the probability and impact associated with the known threats and vulnerabilities
  • Prioritizing risks to determine the appropriate level of training and controls necessary for mitigation
  • Presenting you with a comprehensive plan and estimate

In addition, STN will review risks specific to your industry:

Financial Institutions

Risks associated with your core processing system and electronic Banking Controls.

Energy

Risks associated with your SCADA System.

The STN IT assessment processes are facilitated by the STN portal, which provides remote reporting and facilitates collaboration between STN and your company’s staff.

The portal includes the capability to securely share documentation, review drafts, and input responses to findings directly into your report.

Man looking at tablet smiling

Cybersecurity Portal

As an integral part of every solution, we developed the Cybersecurity Portal. It offers a secure repository and information resource with a dashboard for customers to track all projects, security assessments, and service tickets. The Cybersecurity Portal provides a single point for our clients to access security-related documentation and assets.

Through the Cybersecurity Portal, each client gets access to:
  • Secure document sharing
  • Escalation procedures and management
  • Trouble ticket tracking and status
  • Network diagrams
  • Firewall rules management
  • Support contracts
  • Archived Managed Security Service (MSS) reports

DON’T FORGET

IT Security Gap Assessment

Our IT Gap Assessments follow a similar approach as the Risk Assessment.

We can provide a deeper technical, physical, and administrative analysis of your technical environment and the potentials for gaps in your security as they relate to FFIEC, HIPAA, ISO/IEC 27001, ISO 27702, FERC, and NIST frameworks.

“As a small Credit union, we have very limited staff and time. We need a tool that provides us with a quick and easy way of fulfilling our regulatory assessments. Not only does STN’s tool do the job, but it also allows us to compare against past assessments and reveal trends through our history. This has been very powerful in determining where we have been deficient and where we are excelling. STN’s FFIEC self assessment tool also provides us a quick and easy way to report to our board and our NCUA examiners on our improvements and progress.”

— Information Security Analyst

“STN’s new FFIEC tool simplifies the process of ascertaining risk levels, assessing an organization’s maturity level, and gauging progress needed and made over time. An accessible and intuitive interface makes it easy to use, STN has created a valuable tool for reporting and documenting FFIEC data as it pertains uniquely to your company.”

— Vice president / Information Security Officer

Get in touch

Schedule your risk-free consultation.

Contact us today to speak with an expert about your specific needs.

Stay in the Cloud

Sign Up for Our Newsletter

Sign up for our monthly newsletter for to stay up to date.

Copyright © 2021 STN Inc. All Rights Reserved.