Email Support info@echoinc.ca
Call Support 416.816.5467
Hours of Operation Mon - Fri 0900 - 1700

Risk Management

Threat and Risk Assessment (TRA)

A TRA can be applied to an application, a division, or an organization as a whole. It identifies threats and vulnerabilities to both business processes and tangible assets alike. It is a complete, top down, risk review that takes into consideration the sensitivity of each key component within the project scope. It allows stakeholders to make decisions based on the qualitative risks that impact their organization.

Not only is this process repeatable, but it allows your organization to assess changes in its risk profile over time. A TRA will also provide your organization with a full and detailed report that summarizes the risk posture (current and proposed) based on the analysis performed. This report will contain a detailed evaluation of:

  • Inventory and classification of assets (people, process, and technology)
  • Threat agents and their likelihood and potential impact
  • Review of existing controls and the recommendation of additional safeguards
  • Qualitative and quantitative evaluations
  • Overall risk posture

We offer the following TRA methodologies and frameworks:

  • OCTAVE (Allegro)
  • RCMP’s Harmonized Threat and Risk Assessment Methodology (HTRA)
  • National Institute of Standards and Technology (NIST 800-30)
  • International Organization for Standardization (ISO 31000 & ISO 27001)
  • Hybrid (contact us for more information)
People
Process
Technology

Privacy Impact Assessment (PIA)

We can help you identify through identifying the data your organization collects and uses that fall under and information-security legislation or regulation. Our assessments provide clients with clear guidelines and recommendations for adhering to the following:

  • Freedom of Information and Protection of Privacy Act (FIPPA)
  • Personal Health Information Protection Act (PHIPPA)
  • Federal Information Security Management Act (FISMA)
  • Health Insurance Portability and Accountability Act (HIPPA)

Information Security Policy Review

Our consultants can help in the development of all information security policies, procedures, and standards. Whether it’s closing a gap in your policies, or the creation of new cyber security standards, we can determine the effectiveness of current controls and provide recommendations for enhancements.

Are you unsure if your organization has the appropriate tools in place to protect sensitive information? Let us assist you in creating and implementing a plan to protect your information at all organizational levels.

To ensure the preservation of Confidentiality, Availability, and Integrity (CAI) in support of business and operational requirements.

To provides input into any architectural decision.

A TRA will provide a snapshot of your organization’s current risk posture.

We can assist in determining if your current policies and standards leave any operational gaps in your organization.

Let us assist you in creating and implementing a plan to protect your information at all organizational level.

A TRA proposes safeguards for People, Process, and Technologies, based on policies, standards, best practices, and regulations.