Cyber Security Risk Services

Cyber Security Risk Services
SDS provides Cyber Risk services tailored to meet your business objectives. Our approach is not merely your standard risk identification exercise using a cookie cutter framework, but instead we specifically design your risk assessment with the scope aligned to your business. Results of your risk assessment provide a systematic approach with specific objectives, design, implementation, priorities and cost estimates to communicate and plan cybersecurity risks. You receive a proven roadmap to address risks that is aligned with people, process and technology that aligns with your business and security program goals.

Set Up Context/Gather Information
First, our team gathers the key details for your operating and business environments, including both technical and non-technical aspects.

  • Identify Scope – define the in-scope data, information systems and key subject matter experts associated with protecting those systems.
  • Technical information – internal and external network maps, hardware and software inventories and configurations, interfaces with external entities, and standards, policies, and procedures governing the technical operation, maintenance, upgrading and monitoring of your systems.
  • Non-technical information – policies, standards and procedures governing physical security, personal security, training and expertise, vendor contracts and, insurance coverage.

Identify Risk
We identify your protected information (data) and those systems where this data is protected. We then identify potential threats and vulnerabilities, and protecting controls associated with the protection of the information (data).

  • Obtain and identify– data flow analysis of networks, computer systems, internal-external system connections, business partners, outsourcing implementations, and controls
  • Identify information usage– employee access; storage, transmission, protection & disposing; and authentication & authorization aspects.
  • Identify risk elements – potential threats, vulnerabilities and compensating controls

Assess Risk
After our team identifies key data, systems and risk elements, we assess and rate/rank your risks to these systems using:

  • Collect and record – using data from personnel interviews, documentation reviews or surveys
  • Assess – define impact and likelihood aligned with identified threats and other risk elements
  • Calculate – rate/rank risk levels based upon threats and likelihood by each control in scope

Evaluate Risk
Our senior team members conduct the following steps provide you a roadmap forward to address your identified risks, including proposed mitigation efforts and estimates.

  • Use risk levels – compare risks against your business’ appetite
  • Create – custom recommendations to mitigate risks for those controls failing to meet acceptance criteria
  • Present – roadmap report with executive summary and details for mitigating risks along with presentation of final results to customer stakeholders (including Q&A)

About SDS
We are Secure Digital Solutions (SDS), a Minneapolis-based consultancy focused on providing strategic cyber security and data privacy guidance to organizations across business sectors. We bring you deep knowledge of data privacy and security management practices. Our principal consultants have at least 15 years’ experience, and each member of the SDS team maintains key industry certifications (such as CIPM®, CISSP®, CISM® and related). We bring you perspectives attained from senior leadership roles across multiple industries, including: financial services, healthcare, information services, retail, distribution, academia and more. With our cloud-based platform, TrustMAPP®, SDS leads the industry by recognizing the value of using process maturity as the foundation for an effective program strategy. This approach is now becoming the industry standard for measuring and communicating the business value of information security and privacy.

For information on how TrustMAPP® may help you elevate the conversation about information security and to request a free trial, visit