Risk Services

The assessment of the Cyber, Product, OT and other Security risks your organization faces, is a critical exercise that allows prioritization of security investment to where it is needed most.  Coupled with Crown Jewel Identification and Security Maturity Assessment, this is an incredibly powerful toolset that helps you rank risks and assets, and prioritize the critical controls needed to protect.  ​

​

k2 has deep experience performing risk assessments, and has the unique ability to ensure results are well received by your stakeholders.

Your company is evaluating or in the process of acquiring a business, and Security is tasked to urgently assess and report on the IT and Security posture of the target organization.  The Security organization may not have the bandwidth or expertise to jump on this task, without other critical priorities being affected.  

​

This is where k2 can help.  We have decades of experience doing assessments like this, and can alleviate the stress on Security, while providing an independent un-biased report on the target organization's IT and Security posture.

The Security of your suppliers is as important as your organization's security.  Why?  A cyber incident at your supplier could result in supply chain disruptions, financial fraud, data leak and bad press that affects YOU.  This is why organizations need to hold their critical suppliers to high Security standards, and periodically assess their compliance.  

At k2, we have helped organizations large and small navigate how to build a good Risk-Based Third Party Management Program.  In addition, k2 can periodically audit these suppliers for compliance with your Security Standards, and provide you with un-biased reporting.

The identification of your organization's most critical assets to protect, or Crown Jewels, is perhaps the single most important exercise a CISO will undertake.  This informs the Cyber Strategy, Team build out, Org Model, Transformation priorities and strategy and funding options.  Without knowing "what" you are trying to protect, you have no way of setting proper Security Maturity targets, or logical way of allocating scarce funding to achieve maximum risk reduction.  

​

k2 has successfully performed Crown Jewel Identification exercises for Fortune 500 and Fortune 150 organizations.  It's critical, especially in Global and highly complex organizations, that the right Executives are engaged in the process, to ensure the business priorities are reflected and that there is buy-in to the results.  This ultimately makes the business case to invest in protecting the Crown Jewels well received.  It is important for Security to guide this discussion rather than direct it.  We have the deep experience and Executive presence to get it done.