A waiver is a voluntary, documented relinquishment by the Corporate Security department of a required safeguard or control in cases where that safeguard or control cannot be implemented and the resulting security risk has been accepted by the business stakeholders or owners.
An Information Security Program should be risk-based and therefore requires an effective Security Risk Management component. No security vision or program can be effective unless it is based on a sound understanding of the security risks it is designed to control.
Successful Security Risk Management requires the identification, assessment, and management of current and emerging security risks that can cause loss or harm to persons, business operations, information, systems, or other assets.
Security Risk Management is the ongoing process of identifying risks and implementing plans to address them.
Establishing a Security Risk Management practice is mandated or strongly recommended by the following industry-recognized governance bodies of knowledge (frameworks, standards and best practices):
COSO
COBIT, ITIL
ISO/IEC 13335
ISO/IEC 27001, ISO/IEC 27005
NIST SP 800-39
As part of the RSS Inc. Security Governance portfolio, our team will help you establish a successful Security Risk Management practice. Our seasoned professionals have established Security Risk Management practices in a range of industry sectors, from the conceptual stage through implementation, in full compliance with the requirements applicable to each client's industry.
The following are some of the sources of threats a company should be aware of:
Deliberate acts, carelessness or neglect by employees or outside individuals
New or changed business activities and processes
New assets
Flaws or weaknesses in technology or system design, implementation, operation, or maintenance, especially in new or emerging technology
Internal factors, such as staff morale and organizational culture
External factors, such as crime rates, terrorism, war, insurrection, or natural disasters
New or changed legal or regulatory requirements
External public perception
The risk management process starts with the identification of pertinent security threats, followed by a risk and impact analysis, so that each assessed security risk can be managed in one of the following ways:
Risk Reduction - Implement security controls to lower the risk to an acceptable level
Risk Spreading - Share the risk by splitting assets up
Risk Transfer - Transfer the risk to a third party, for example by obtaining insurance to cover it
Risk Acceptance - Accept the risk because it is within tolerable levels, and document that acceptance
Risk Avoidance - Change the business to remove the cause of the risk
Combinations - All or several of the above
During the engagement, the RSS Inc. team will help your company establish the following security risk management components:
Corporate Risk Appetite identification and levels
Ongoing security threat identification
Risk analysis
Impact analysis
Gap analysis
Outcomes and Recommendations
Risk Acceptance and Waiver process
Furthermore, our team will help you establish a centralized repository that will contain the following:
Identified Security Threats
Security Risk Analysis and Outcomes
Risk Acceptance Forms
Waivers
The RSS Inc. team will work in tandem with the team assigned by our client throughout the entire engagement, ensuring that knowledge is transferred to your staff.
Solution Benefits
There are times when companies do not have the resources or internal knowledge to develop a Security Risk Management practice. By engaging the RSS Inc. team for short-term outsourcing assistance, companies can draw on seasoned professionals to establish a practice that provides the planning basis for sound risk management decisions, including decisions on where to commit, or withhold, investment capital or technology. Bringing this external experience to the table puts our clients in a position to shorten the information security governance maturing phase.
Successful Security Risk Management provides ongoing monitoring of security control effectiveness and recommends improvements or new controls that will keep risks within the levels the corporation has deemed acceptable.
An additional benefit is the creation of a centralized repository where all identified security threats, risks, risk acceptance forms, and waivers are stored, so that this information is disseminated to all relevant stakeholders.
The RSS Inc. team will provide mid- and long-term plans containing milestones for implementing the Security Risk Management practice and its related processes.