Risk is Good

Why is Risk good?

NEQ leverages the Framework of Risk Management and Analysis (FoRMA) methodology (developed by Cybernetix Technologies) to acutely measure the level of risk and the effectiveness of the mitigating controls in your enterprise environment. The following layers of your IT stack are analyzed:

  • Physical
  • Network
  • System
  • Application
  • DataStore

The FoRMA lifecycle

The protector (Blue Team) and hacker (Red Team) strategies are used to examine the key strengths and critical weaknesses through a 4-phase lifecycle approach.

Using the FoRMA methodology results in a comprehensive review of your IT Security infrastructure and a set of valuable recommendations to address any critical control gaps.

A Powerful Methodology

The Framework of Risk Management and Analysis (FoRMA) Methodology begins with the identification of your key assets within the layers of your IT stack that support the business.

For each of the Control Implementation Phases, the risks are analyzed, and existing and potential controls are compared to determine the acceptable level of Risk Mitigation. This may require up to four layers of control types: Awareness, Protection, Detection and Assurance.

The result is captured in a custom FoRMA report which delivers the strengths, weaknesses, gaps, and recommendations, suitable for technical and executive audiences.

For more info, see our services page

Are you finding it difficult to measure the effectiveness of your company’s security?

Even with a fully documented and tested IT control framework that addresses governance, risk and compliance, you may not know the complete health of your security. NEQ can assess your Information Security Program to ensure that it fits your business goals, and you will know the gaps that need to be addressed in your processes and policies, verified by third-party testing.

We accomplish this by using the FoRMA Risk Management model and focusing on four critical areas of your security:

  • Your Critical Asset inventory aligned to your business functions
  • Testing the state of your current security controls
  • The level of employee security awareness
  • Your current security policies and standards

Together, these areas should provide you with the necessary protection and detection to maintain the health of your business, and should be included in your Information Security Program.
