    Service Overview

    Risk Assessment is a comprehensive evaluation of your information security program. The output will provide insights into your cybersecurity program's strengths and weaknesses. Furthermore, risks will be clearly prioritized and documented with a clear description. A DeepSeas Curated Risk Assessment leverages the built-in capability of the Vanta security and compliance platform to establish the risk management function as a foundational element in the compliance programs. Risk Assessment helps set the direction for the Information Security Program and identifies high risks with potentially significant impacts that should be addressed.

    Objectives

    The objectives of this initiative are as follows:

    1. Utilize the Vanta Risk Register function to:
      1. Identify and prioritize cybersecurity risks in the environment.
      2. Quantify risks so that they are universally understood and easily communicated.
      3. Support compliance with legal, contractual, and regulatory requirements.

    Methodology

    The Curated Risk Assessment project consists of the following phases, utilizing the Client's Vanta tenant:

    1. Scenario Selection
      1. DeepSeas will recommend and facilitate risk scenario selection for assessment based on the client environment and the selected security standard as defined in Scope.
    2. Risk Assessment
      1. DeepSeas will facilitate discussion of the selected scenario to assess inherent risk to the organization.
      2. Each scenario will be assessed on:
        1. Likelihood of a measurable event occurring from vulnerability exploit; and
        2. Potential impacts from vulnerability exploit.
    3. Risk Treatment
      1. DeepSeas will facilitate discussion of the selected risk scenarios and inherent risk scores to determine risk treatment selections.
      2. Risk treatment selections will include:
        1. Accept
        2. Transfer
        3. Mitigate
        4. Avoid
      3. DeepSeas will assist in defining the initial task associated with the risk.
      4. DeepSeas will facilitate discussion on the selected treatment option to determine residual risk.
      5. Each scenario will be assessed on:
        1. Likelihood of a measurable event occurring from vulnerability exploit; and
        2. Potential impacts from vulnerability exploit.
      6. As part of the finalization of the risk scenario review, the client will define the Risk Owner.

    Deliverables

    The project will include the following deliverables:

    1. Detailed Project Plan - DeepSeas will deliver a project plan describing the phases for Curated Risk Assessment.

    Service Assumptions

    The service described in this Statement of Work will be delivered by DeepSeas according to the following assumptions, which will govern all work, deliverables, and interactions:

    1. All project processes and outputs will be contained within the client-licensed Vanta security and compliance platform.