The goal of the GLBA/IT Operational Risk Assessment is to assess the information security and operational risk posture of the financial institution. AaSys Group uses ISO (International Organization for Standardization) 27002:2013 as the framework when evaluating operational risk. This integrated control framework provides a comprehensive structure for assessing information security management best practices and common core infrastructure guidelines.
The risk assessment identifies potential threats and vulnerabilities, measures the effectiveness of existing controls, and estimates the likelihood of each threat and its impact on the organization. Most importantly, a Control Status report provides recommendations to mitigate or eliminate the identified vulnerabilities. Because new threats and related vulnerabilities are constantly emerging, AaSys Group continuously reviews and updates its control database and framework.
The assessment first measures inherent risk from the identified threats and vulnerabilities. The controls deployed by the financial institution are then documented, and the final residual risk is measured against them.
The assessment is both process-based and asset-based. Policies and procedures are analyzed to assess the appropriateness of current documentation. Management of assets, especially critical systems, and documentation (paper and electronic) is evaluated to determine information security management capabilities.
All of AaSys Group's Information Security Consultants have prior employment at a financial institution as well as hands-on technical expertise. Understanding banking processes is integral to the accuracy and comprehensiveness of the risk assessment process. These qualities have been the foundation of helping clients understand and mitigate their risk. Our practice is scaled to the size and complexity of each client's systems and infrastructure, making every engagement a customized, tailored endeavor.