As your organization grows in size and complexity, the job of determining the degree of exposure to information asset risks becomes more challenging, as does your ability to identify threats and implement effective plans for addressing them. An Enterprise Risk Assessment (ERA) helps you address these issues. By employing a formal methodology such as the National Institute of Standards and Technology (NIST) or the OCTAVE® Risk Assessment Methodology used by Digital Defense (DDI), you will be able to obtain a holistic, organization-wide view of critical information assets and their associated threat profiles. You will then be able to utilize this view to craft and implement a solid "roadmap" for addressing key issues, prioritized based upon the specific needs of your organization.
DDI offers three alternatives for the ERA solution, one of which will suit any size or type of organization.
Webinar - The ERA Webinar program is a series of courses offered by DDI on a scheduled basis. It provides clients with a self-paced study and support offering for those senior managers who are required to perform risk assessments for their organizations on a regular basis. The ERA Webinar program consists of two courses, Risk Assessment Overview and OCTAVE Overview and ERA Utility™ utilization.
Expert - During the ERA Expert (Remote) service engagement, an OCTAVE-trained security analyst will conduct your organization's risk assessment utilizing an online conferencing bridge. Via this bridge, the security analyst will consult with one or more persons within your institution to garner the information required to carry out the risk assessment.
The ERA Remote service offering consists of three half-day sessions. Upon the conclusion of the engagement, the security analyst will finish populating DDI's proprietary ERA Utility with your organization's risk information and deliver the completed risk assessment, which comprises the populated ERA Utility and a final risk assessment report.
Corporate - The ERA Corporate (onsite) service offering is either a three-day or a five-day engagement, depending upon the size and type of your organization. An OCTAVE-trained network security analyst leads both options. The ERA Corporate programs consist of three key stages.
Data Collection
We send several questionnaires in advance of the actual onsite engagement, which gather the key data points and impact values associated with productivity, financial and other risks. We use the responses to these questionnaires to populate our ERA Utility, a data capture tool. Our key objective with this first step is to accomplish basic data collection efficiently and at your own pace before our analyst visits your site. This maximizes the value of our onsite visit, while minimizing disruption of your day-to-day operations and the time your key personnel devote to the process.
Onsite Sessions
During the onsite portion of the engagement, our skilled analyst leads a series of meetings with the members of your core assessment team. During these meetings, the analyst will aid your organization in identifying and documenting key information assets, their associated threat profiles, and any associated remediation actions required to mitigate the defined threats. Our analyst will use our proprietary ERA Utility to capture all of this information. This tool is also available for your continued use after the conclusion of our onsite engagement, at no additional charge. This tool will assist your organization in maintaining and updating risk assessment information over time.
Follow-up and Reports
During the following weeks, our analyst reviews and refines the information captured during the interactive sessions. Once the data captured within the ERA Utility is complete, we produce formal reports and worksheets that outline key findings and next steps for your organization.
DDI gives all ERA program clients our ERA Utility at no additional charge. This proprietary tool provides you with an effective means of maintaining and updating your ERA information following your engagement. You and your organization can use the ERA Utility to facilitate data capture, data organization, and reporting of information related to the OCTAVE risk assessment process. DDI developed this tool, and its function conforms to the OCTAVE methodology developed by the Software Engineering Institute at Carnegie Mellon University to conduct system identification and risk evaluation.
The DDI ERA solutions support organizations achieving compliance with the following regulatory guidelines: