
Risk management

Traditional approaches to threat and risk analysis tend to focus heavily on scrutiny of the infrastructure, paying limited attention to:

  • organisational and business objectives
  • where the system sits in the organisation
  • the processes that the infrastructure is there to facilitate
  • the environment in which the system operates
  • human factors such as the risk of ‘insider’ and ‘social engineering’ attacks.

These approaches can lead to an over-investment in IT at the expense of other areas such as process design and operator training. Yet statistics show that the greatest risk to organisations' IT systems and data comes from staff within the organisation.

Castelain's approach combines a number of techniques to overcome these concerns. It is based on the National Institute of Standards and Technology's (NIST's) Risk Management Guide for Information Technology Systems, supplemented in some areas by other techniques, such as an applied use of the Clark-Wilson integrity model to assess human factors such as the risk of insider attacks.

 

 
