Enterprise Risk Assessment

A “crown jewels” approach to measuring and managing cyber risk

Enterprise Risk Management (ERM) isn’t a new concept. Most enterprises have well-established policies and processes to monitor and manage financial, operational, regulatory, and reputational risks.

However, as enterprises have become increasingly interconnected and technology-enabled, many of their most valuable assets are now digital: customer and financial data, communications infrastructure, trade secrets, software, internal and externally-facing websites, and even information about their employees and supply chains. These assets are known as an enterprise’s “crown jewels”.

Protecting these digital assets requires a holistic approach that involves business leaders and a careful analysis of information assets, threats, security controls and potential business impacts. Once the analysis is complete, management can choose to accept or mitigate each identified risk, bringing the enterprise in line with its risk management policies.

Risk Assessment for Better Business Decisions

Coalfire’s “crown jewels” risk assessment program provides a rational, fact-based analysis of your enterprise’s current risk posture, and provides the foundation for making business decisions about security policy, organization, and potential investments.

Our assessment findings are prioritized and rated based on their risk and probability of exploitation, and on the potential business impact. A heat map shows exactly which people, processes and technologies are most at risk, so you can focus your efforts on addressing the issues that matter most.

In collaboration with your executive leaders and information security team, Coalfire consultants will define:

  • The most important assets (crown jewels) that your enterprise is seeking to protect and the senior decision-maker for those assets.
  • The financial risk associated with the loss, disruption, exposure or corruption of those assets measured in terms of annualized loss expectancy (quantitative, semi-quantitative, or qualitative).
  • Your organization’s risk tolerance for those assets.
  • Recommendations for treating risks found to be beyond the enterprise’s risk tolerance.
  • A risk register and action plan that defines budget requirements, timelines and business ownership of the selected risk treatment approach.
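The list above describes the quantitative variant of the assessment: an annualized loss expectancy (ALE) per asset, a comparison against the organization’s risk tolerance, and a risk register with a heat map. The following is an added illustration of that arithmetic, not Coalfire’s own methodology or tooling; the asset values, exposure factors, incident rates, band thresholds and the tolerance figure are all constructed for the example. ALE is computed in the conventional way as single loss expectancy (asset value × exposure factor) multiplied by the annualized rate of occurrence.

```python
from dataclasses import dataclass
from collections import Counter


@dataclass
class Asset:
    """One crown-jewel asset and the inputs to its loss estimate."""
    name: str
    owner: str            # senior decision-maker accountable for the asset
    asset_value: float    # business value of the asset in USD (constructed)
    exposure_factor: float  # fraction of value lost in one incident, 0..1
    aro: float            # annualized rate of occurrence (incidents per year)


# Constructed sample inventory; every figure here is illustrative only.
ASSETS = [
    Asset("Customer database", "CFO", 5_000_000, 0.40, 0.20),
    Asset("Public website", "CMO", 800_000, 0.25, 1.50),
    Asset("Trade secrets repository", "CTO", 10_000_000, 0.60, 0.04),
    Asset("Employee HR records", "CHRO", 1_200_000, 0.50, 0.10),
]

# Constructed risk tolerance: the board accepts at most this ALE per asset.
TOLERANCE_ALE = 250_000.0


def sle(asset: Asset) -> float:
    """Single loss expectancy: value lost in one incident."""
    return round(asset.asset_value * asset.exposure_factor, 2)


def ale(asset: Asset) -> float:
    """Annualized loss expectancy: SLE times expected incidents per year."""
    return round(sle(asset) * asset.aro, 2)


def likelihood_band(aro: float) -> str:
    """Bucket the incident rate for the heat map (thresholds are constructed)."""
    if aro >= 1.0:
        return "high"
    if aro >= 0.1:
        return "medium"
    return "low"


def impact_band(single_loss: float) -> str:
    """Bucket the per-incident loss for the heat map (thresholds are constructed)."""
    if single_loss >= 1_000_000:
        return "high"
    if single_loss >= 100_000:
        return "medium"
    return "low"


def build_register(assets, tolerance_ale):
    """Risk register sorted by ALE; anything above tolerance needs treatment."""
    rows = []
    for a in assets:
        rows.append({
            "asset": a.name,
            "owner": a.owner,
            "sle": sle(a),
            "ale": ale(a),
            "likelihood": likelihood_band(a.aro),
            "impact": impact_band(sle(a)),
            "treatment": "treat" if ale(a) > tolerance_ale else "accept",
        })
    rows.sort(key=lambda r: r["ale"], reverse=True)
    return rows


def heat_map(rows):
    """Count assets per (likelihood, impact) cell; the cells form the heat map."""
    return Counter((r["likelihood"], r["impact"]) for r in rows)


if __name__ == "__main__":
    register = build_register(ASSETS, TOLERANCE_ALE)
    for r in register:
        print(f"{r['asset']:<26} ALE ${r['ale']:>12,.2f}  "
              f"{r['likelihood']:>6}/{r['impact']:<6}  {r['treatment']}")
    for cell, n in sorted(heat_map(register).items()):
        print(f"heat map {cell}: {n}")
```

Sorting by ALE gives the prioritization the assessment describes; the heat map cells separate frequent-but-small losses (the website) from rare-but-severe ones (trade secrets), which a single ALE figure would otherwise make look similar. Semi-quantitative or qualitative variants would replace the dollar values with ordinal scores but keep the same tolerance comparison.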

Why Choose Coalfire for your Enterprise Risk Management Framework

Since our founding in 2001, Coalfire has established itself as a pure-play, vendor-neutral cybersecurity advisory firm serving as a trusted advisor to executives, legal counsel, compliance managers and security practitioners across numerous industries.

Each Coalfire project is led by a credentialed, industry-savvy senior director and supported by consultants armed with the methodologies, insights and know-how accumulated through service to over 1,400 clients annually.

Case Studies