HNC’s approach to risk management stems from years of experience implementing best-practice solutions in the government and private sectors where security of your data is an integral and high priority component of the solution life cycle, not an afterthought. Our approach emphasizes confidentiality, integrity, availability, authentication, and non-repudiation while addressing the need to scale our capabilities to varying degrees of system complexity. To meet this need we developed a strategy that closely adheres to NIST’s Risk Management Framework (RMF) and relies on a lifecycle approach for other security services.   

Our approach demonstrates the application of security controls and technologies that are governed by the RMF to meet the requirements imposed through regulation, policies and standards to ensure security risks are clearly communicated, mitigated, and managed to protect and ensure resilience of your systems, information and business processes.    

To begin with, HNC can perform a risk assessment of your organization’s IT network, system, or application to provide a comprehensive examination of the security measures and controls, of both a technical and practical nature, employed by your organization. We will gather information about vulnerabilities through interviews, site visits, review of documentation, and on-site observation of procedures. HNC’ risk assessments reveal pertinent information about the threats, vulnerabilities, and risks that exist. Each identified risk receives an associated qualitative form of measurement to evaluate it on a relative scale. Our risk assessment provides the foundation for an organization to make informed decisions about which controls and weaknesses require focus and potentially resources which then is integrated into the overall risk management process.