Case Study

ICT Risk Assessment for Council

Client Details
  • Council – Review current ICT Policies, Strategy, BCP and carry out an ICT Risk Assessment
The Challenge(s)
  • Council is audited annually by the Audit Office and needed to address the lack of a Risk Management Policy
  • Increase in the effectiveness and competence of attacks
  • Complexity of deploying solutions from multiple vendors
  • Pressures from Management and stakeholders to secure environment
  • Limited Budget and Resources
The Solution
  • Evaluation of risks against future planned projects and upgrades
  • Follow an ISO 27001 ISMS approach and methodology
  • Review current risks; review risk registers and gain an understanding of the current security posture
  • Identify and classify the information, crown jewels, sources, locations, and critical infrastructure
  • List potential attack vectors and rate all risks
  • Carry out workshops with key stakeholders (including decision makers) to make sure that everyone understands the risks. Identify the costs and consequences of the risks.
  • Provide a revised ICT Risk Register with a high-level plan that can be integrated within the ICT Strategy
What did we learn?
  • There is a wide gap in understanding between Management, the ICT Team and the council's staff. Expected outcomes and goals can vary quite dramatically.
  • Collating all the information and details in a simplified format and helping all stakeholders understand and accept the real risks is the key to minimising time and budget wastage.
  • Improving and investing in security needs to become an integral part of ICT Strategic Planning.
  • In some cases, the risk can be addressed by adopting some relatively simple and low-cost strategies.