top of page

Risk and Security Management

20231208 Gestión de riesgo y seguridad WOC_ES.gif

What does the service consist of?

Risk Management and Information Security is a process that aims to identify, analyze, measure and manage the risks associated with the delivery of IT services. Initially, it assesses the IT security risk posture, and then establishes and manages preventive controls against threats that may be found in the environment in which the company develops its operations and provides its services to customers.

SITES' service serves its customers' supply chain, supporting the development of security capabilities to protect the infrastructure they use to support their business processes, giving them visibility into the security posture of third parties that collaborate in the execution of those processes.

Risk management is present in all areas of the company, to a greater or lesser extent. However, this service seeks to make those responsible aware of the security threats that pose a danger to achieve their business objectives. Efforts to steer companies away from these risks are captured in an action plan that the service helps implement in periodic increments, using agile frameworks.

The main benefit of Risk Management and Security is the adoption of reference frameworks​ and development of business regulatory frameworks for continuous risk management and protection of their information assets.

What is the scope of the service?

Security and Risk Management includes three key areas of service:

  • IT Risk and Compliance Management (ITRCM)

  • Digital Forensic Evaluation and Incident Response (DFIR)

  • Security Architecture Assessment (SAR)

service catalog

  1. IT Risk Management (ITRM)

      a. Cybersecurity risk assessment

      b. Continuous cybersecurity risk management program​

      c. Operational risk assessment of technology infrastructures​

  2. Forensic Security Incident Response and Analysis (DFIR)

      a. Synergy - Security Incident Management Program​

      b. Synergy: security incident forensic analysis service​

      c. Analysis of vulnerabilities and shielding of technology and cloud infrastructure​

      d. Penetration analysis of technology and cloud infrastructure services

  3. Security Architecture Assessment (SAR)

      a. Evaluation of service security architectures in own facilities

      b. Evaluation of security architectures of cloud or hybrid services​

bottom of page