Risk Management

Information Security Risk Management is concerned with minimizing the risk of breaches to the confidentiality, integrity and availability of business information and data. As such, a necessary first step is understanding what information is important and how important it is. Our team will work with your internal business and IT resources to identify critical business information and data and to develop an appropriate classification scheme. Once that is completed, our team will identify, recommend and define, as appropriate, how each level of classified information should be protected. Recommendations will comply with the expectations of industry regulations like SOX, PCI-DSS, PIPEDA, etc.

When information classification is completed and the recommended controls are implemented, the next major step is to identify where your risks are with respect to your controls, industry compliance regulations, and internal policies and standards. In some instances a security control framework may be developed or adopted from organizations like NIST, COBIT, etc. These organizations have done a good job of specifying generally accepted security control objectives, but since every IT environment is different, our team will analyze these frameworks for appropriateness and modify them as required to suit your security architecture and business needs.

Regardless of the control framework, our team can analyze and identify security risks and gaps in your existing IT environment and make recommendations for improvements. Subvizion has also undertaken many such security remediation projects in various industries across Ontario. Major clients include Canadian banks, insurance companies, large grocery chains and the federal government.