IT Risk Management

FDLV offers a wide range of security services spanning from external penetration testing to code auditing and reviewing. We combine thorough methodology with an unconventional and creative hacking attitude to efficiently deliver compact, valuable, straight-to-the-point results for the organization’s infrastructure. By means of experienced subversive technology manipulation, we offer the best possible way to model data breach attempts, network intrusion and real vulnerability exposure. FDLV offers penetration testing in accordance with internationally approved best practices and with a very pragmatic approach. We believe that a penetration test should not be an activity to see if the tester can « hack » the client. It should be about identifying the business risk associated with an attack and helping to fix the problems detected by our team.

FDLV promotes a pragmatic and tailored approach, combining what the best methodologies can bring, without generating a heavy project administration and structure.

It is the mission of FDLV Consulting Services to discover our clients’ true business challenges, propose solutions aligned to the business needs, and successfully deliver in a trusted-partner manner. To meet security and compliance requirements of most organizations today, FDLV commits to provide independent business-driven IT Risk assessment and management programmes, equally focused on people, processes, and technologies considered critical to the operational success of the environment.

FDLV’s IT Risk Management Program Evaluation identifies business-related information security risks within the enterprise and improves the organization’s risk management practices against criteria established by internationally recognized IT Risk and Security governance frameworks. Gaps in your organization’s IT Risk Management Program are identified and recommendations are made for areas of improvement that will mitigate risk for your enterprise. The end goal of the project is to ensure that your organization has adequate and proportionate security controls in place.

The IT Risk Management Program provides a comprehensive analysis of each area affected by current risk management practices and helps the board, the executive management and other organization leaders determine how to optimise the realisation of value from information security investments by answering five risk governance questions as described in the figure below:

The IT Risk Management Program report provides a snapshot of your organization’s risk governance posture, and outlines the strengths, weaknesses and recommendations broken down into their IT risk governance components. This will result in a prioritized set of action items that can be used to develop a strategic roadmap for your organization.

Most organizations acquire security infrastructure in an ad hoc and reactive manner. Ad hoc acquisitions involve unplanned expenditures and result in inconsistent security that does not match organizational goals. This solution set will guide you through the process of developing a formal plan (“the security roadmap”) that outlines and guides the security strategy.

Overview of our approach

FDLV proposes to execute its IT Risk Management methodology which has been developed based on ISO 27005 and ISACA Risk IT. This approach offers a cost-effective way to measure an organization’s IT Risk posture within the business context. It leverages decades of our senior staff’s experience when assessing and developing effective information security Programs. This methodology provides the following benefits for your organization:

It ensures comprehensive coverage of all security issues by tracking a set of standard security criteria.

It provides insight into the enterprise’s current security management performance compared with its targets as derived from the business goals and risk profile.

It minimizes assessment cost by enforcing a structured methodology.

It considers the organization against appropriate security management best practices for its industry.

FDLV’s IT Risk Management Program is a carefully crafted methodology designed to quickly get to the heart of your business security issues. It does so without disrupting essential day-to-day processes and keeps operations running. FDLV’s IT Risk Management Program approach is threefold:

Understand the Business’ Risk Environment

Starting from the Business Model of your organization, and with the assistance of the business executive, FDLV refines the corporate objectives and obtains the stakeholders’ expectations. The corporate objectives are presented as a full statement of the short, medium and long-term aims of the organization and are expressed in clear, unambiguous, business-relevant terms.

Vulnerability Assessment and Control Validation

Based on FDLV’s Business Security Assessment (BSA) program, the methodology uncovers not only technical deficiencies in the design or implementation of security protections, but also the operating deficiencies associated with people and processes charged with security maintenance and management. Information will be collected through interviews with managers and staff, review of documentation, assessments and observation of the environment.

Risk Analysis

Once the business context and the company’s exposure are understood, the risk scenarios can be analysed by combining their likelihood of occurrence with the control strength and vulnerabilities and their potential adverse impact on the business. By taking the controls in place into account, the risk analysis provides the current net risk and helps business managers focus on the most relevant risks immediately.

When applicable, FDLV will interview a maximum of 3 persons from IT operations in order to understand the IT security posture of your company through the Vulnerability Assessment and Control Validation phase.

Contact us today for a first consultation!

If you want to get in touch with us, please call us: +352 26 44 17 04