Welcome to CyberAdeptness LLC

Enterprise Information Systems Risk Assessment (EISRA) Overview

What is an Enterprise Information Systems Risk Assessment?

An Enterprise Information Systems Risk Assessment (EISRA) takes a deep-dive into the Organization-Wide Information Systems and/or Security Program in place in order to capture the current state. This will allow us to mold the process to the organization needs and determine what is the best approach to implement and/or improve an existing program so that it complies with the Security Standards impacting the organization.

In addition, an EISRA takes a deep dive into the organizations Security Engineering Principles applied at the Network and Application Layers in order to restructure the Architecture and System Development Life Cycle (SDLC) process.

Why is an EISRA important?

An Enterprise Information Systems Risk Assessment (EISRA) is essential because it help us gain an understanding of the organization-wide blue print which delineates ...
  1. A high level overview of the organization's mission, business objectives, security requirements, and budget restrictions.
  2. A complete overview of organizational assets and resources.
  3. An indepth review of the organizations Risk Management Tier State Level.
  4. An indepth understanding of the organization's strengths and weaknesses.
  5. An indepth understanding of the compliance impacting not only the organization, but its consumers.
  6. An indepth understanding of the current environments.
  7. An indepth understanding of the Security Engineering Principles used as part of the organizations Network Architecture and Systems Development Life Cycle (SDLC).

What are the Document Outputs?

The outcome of an EISRA includes the following...
  1. Enterprise Information Risk Assessment Report
  2. Enterprise Blue Print of the organizations Information Systems Program.
  3. Enterprise Implementation Strategy Recommendation.

When is an EISRA required?

An EISRA is recommended at any time; however, the long term effect is determine by the stage in which it is implemented. This stages are...
  1. Startup Company- A startup company will benefit the most because it allow us to ensure that the appropriate Security Engineering Techniques and Network Architecture requirements are applied as part of the implementation process. In addition, it will be the most cost-effective option.
  2. Mid-size Company- A mid-size company will benefit from an EISRA as it will help lower the cost in the long term through re-engineering and flip the return on investment from negative to positive as we focus on streamlining existing processes.
  3. Large Company- Re-engineering the network infrastructure of a large company is not an easy task; however, it is viable IF the company is interested on finding ways to limit cost and improve an existing program. In that case, an EISRA is effective as it will help set the tone on how the organization should breakdown the process associated with re-engineering the systems at a large scale.

Does an EISRA include Security Engineering?

If you mean hands-on Security Engineering, the answer is no; however, the EISRA does includes a high-level review of Security Engineering Principles that is documented as part of the process. In fact, Security Engineering Principles is of utmost importance as we develop the organization's Information Technology (IT) program blue print.