Risk Assessments

GCR Cyber Risk Assessments

Many companies believe cyber risk assessments only involve a security audit (such as SSAE-16 or SOC-1/2), penetration testing, or vulnerability scanning.  While these activities and results are useful, GCR links its business process and systems analysis experience with security expertise and identifies the cyber risk vulnerabilities that can:

  • Stop business operations
  • Shut off customer and business partner interactions
  • Result in the loss of data
  • Cause enormous financial losses and/or
  • Undermine strategic goals and objectives.

GCR conducts a cyber risk assessment that combines technical, legal, and operational considerations and identifies the critical junctions where IT supports business operations in a mission-critical manner. An examination of strategic corporate documents, corporate organization, policies and procedures, information flows and dependencies, and security program documentation enables GCR to evaluate an organization’s enterprise security program and identify gaps and deficiencies.

Cyber risk today can be determined only after reviewing a client’s system architecture, the technology it has deployed, its operational processes and control points, key security documents, its management policies, compliance requirements and corporate culture.  Cyber risks are not managed solely by IT staff and security teams.  Cyber risk management is an enterprise issue and there is a role for everyone.

GCR’s cyber risk assessments will identify critical operational points and cyber liability risks.  Through our partner company, Dempsey Partners, we can identify cyber risks and quantify the cyber exposure cost and assist clients in determining whether their cyber coverage is adequate or whether they have such coverage at all.