Basing the development of a security architecture on the outcomes of a security risk assessment is the best of way ensuring that the spend on security is mitigating the most pressing risks. Understanding the nature of your information assets and the threats posed to them will greatly enhance your ability to direct resources and measure the outcomes of your controls.
Assessing key systems from the perspective of inherent vulnerabilities is one of the most cost effective security measures an administrator can take. Not only does it lower the risk profile by identifying and mitigating the identified vulnerabilities, it also allows the administrator to develop a baseline of what the security posture of their systems are at a point in time.
ThinkSecure uses risk assessment methodologies based on IAS/NZS 4360: 1999 Risk Management to identify and score risks to assets prior to recommending mitigation controls. We also work extensively on helping our customers with vulnerability assessment as part of the proactive security regime.