Risks that are not known can neither be foreseen nor mitigated. A proactive information security risk assessment addresses a problem facing many companies with respect to protecting their information assets, namely neither knowing the risks they face nor understanding how well they are prepared to mitigate these risks. These assessments provide management with the insight and analysis they need in order to understand the risks they face and prioritize information protection activities and investment.
A European high-tech manufacturer was expanding the scale and importance of the R&D work being done in China. Given concerns over increased exposure to intellectual property theft, they engaged Parenty Consulting to evaluate the design, administration, and use of systems processing their most sensitive information and the business processes governing their use. Recommendations covered areas such as the redesign and configuration of software applications, use of third-party security products, and changes in the ways their systems are administered, both locally and at headquarters.