1. Assess
the existing security protection in terms of countering the identified security risks.
2. Evaluate
identified threats and establish the level of risk, the likelihood of an adverse event and its resulting impact.
3. Provide
gap analysis to isolate areas where your security program does not meet industry best practices.
4. Recommend
risk control strategies to mitigate identified security risks to an acceptable level at an acceptable cost.