We create integrated risk management solutions that optimize and converge operations to mitigate threats and reduce risks.

One thing RedSec1 has discovered with its emphasis on security is that each organization has its own unique requirements for assessing and managing risks. ISO, NIST, COSO and other standard frameworks are necessary and useful; however, most organizations can’t adopt a “cookie cutter” approach in this age of rapid evolution and global reach. Our approach uses best practices, but our emphasis is on automation—that is to say, Key Risk Indicators should be continuously updated and available to all stakeholders, any time and any place.

ERM Implementation

  • Implement the ERM framework using requirements analysis, design, installation, and optimization.

  • Develop and analyze threat inventory.

  • Conduct risk and vulnerability assessments and risk analysis.

  • Risk treatment analysis, design, development, and deployment.

  • Customize risk library and registry.

  • Design and apply qualitative, semi-quantitative, and quantitative analytics.

  • Train various levels of stakeholders to participate, support, and own the ERM process.

ERM Automation

  • Utilize on-premises and third-party software integration to automate the ERM process.

  • Support data fusion from multiple sources to aggregate and apply risk scoring algorithms supporting threats and opportunities, consequences and impacts, and probability and likelihood.

Standards-based

While some organizations must apply a discrete ERM standard, we’ve found that most organizations require a hybrid application of standards. Most often these hybrid ERM models include components of the following standards or others.

  • ISO 31000

  • ISO 27001

  • NIST SP 800-53

  • COSO