Risk Assessment Service Cybersecurity datasheet
SERVICE FEATURE HIGHLIGHTS
HPE Risk Assessment Service for cybersecurity is a business-led consultative engagement that consists of the following stages:
1. Risk assessment service preparation
2. Kick-off and context establishment
3. Asset evaluation
4. Risk assessment
5. Risk treatment
TABLE 1. SERVICE FEATURES
STAGE DELIVERY SPECIFICATION
1—Risk assessment service preparation
An HPE senior consultant works with the customer to:
• Define and agree on the preliminary scope of service
• Agree on first draft schedule
• Set up customer and HPE project team
2—Kick-off and context establishment
An HPE senior consultant works with the customer to:
• Initiate the project with a kick-off meeting and organize remote follow-up and status meetings, including discussions of requirements
• Identify and review service prerequisites and any actions required of the customer to meet those prerequisites
• Identify stakeholders and potential resources required for the service and obtain their contacts
• Create project schedule and schedule service activities
The HPE project team:
• Defines and confirms final scope of service, including assessment scope, rules of engagement, acceptance criteria, and others
• Works with the identified stakeholders to collect information on the in-scope assets. Information may be gathered via existing documentation, interviews, or physical/remote observations. Information may include but not be limited to:
– Business and IT strategic plans
– Business and IT organizational charts
– Security policies
– Security procedures
– Security program documents
– Security product inventories
– IT audit reports
3—Asset evaluation
The HPE project team:
• Identifies the assets (business process, hardware, software, network, information, media, support service) that are part of the scope as identified during the context establishment phase
• Identifies the data/service that each asset processes, stores, or transfers, and evaluates asset value based on the confidentiality, integrity, and availability of the data/service
• Documents the asset evaluation results in the asset evaluation report (in Microsoft® Word format)
4—Risk assessment
The HPE project team:
• Performs risk estimation on the in-scope assets (qualitative or quantitative)
– Threat rating for the assets
– Vulnerability rating of the assets
– Likelihood of the exploit
– Risk impact rating
• Documents the risk assessment results in the risk assessment report (in Microsoft Word format)
5—Risk treatment
The HPE project team:
• Defines risk treatment options
• Maps risk treatment options to identified risk (from Stage 3)
• Recommends risk treatment controls for identified risk and documents the treatment suggestions in the risk treatment
plan/road map (in Microsoft Word format)