




Security Assessment (SA)
Banking and financial institutions, MNCs, and even SMEs shall analyze and assess the impact of Major Operational Disruptions in order to prioritize operations and allocate resources for effective operational recovery, should any disruption occur.
The goal of a security assessment (also known as a security audit or security review) is to ensure that the necessary security controls are integrated into the design and implementation of a project. A properly completed security assessment should provide documentation outlining any security gaps between the project design and approved corporate security policies.
The following methodology outline is put forward as an effective means of conducting a security assessment.
- Requirement Study and Situation Analysis
- Security policy creation and update
- Document Review
- Risk Identification
- Vulnerability Scan
- Data Analysis
- Report & Briefing
Risk Assessment (RA)
An assessment of the risk of possible disruptions to Critical Business Functions should be conducted at least once a year. Possible disruptive events which could impact the business on a short-, medium- and long-term basis should be identified, along with the probability of each event, or upon significant changes from either internal or external factors which could potentially impact the business. Existing risk control processes should be analyzed and improved by providing the necessary resources to ensure prompt and effective control of disruptions should they occur. These processes should also be evaluated and controlled on a regular basis.
Business Impact Analysis (BIA)
The business shall conduct a BIA of any possible event that may occur in every Critical Business Function to understand the relationship between the function and the impacts of possible disruptions to it. The analysis will help the business prioritize operations and allocate appropriate resources to recover effectively from any disruption. The BIA should take into account impacts on all stakeholders in both quantitative and qualitative terms, such as possible loss of revenue, incurred expenditure, impact to reputation, and credibility of the financial institution, etc. This will enable prioritization as well as proper allocation of both internal and external resources for each Critical Business Function.