Threat & Risk Assessments

Orthus can conduct an extensive review to define, identify and isolate a company's information assets, then classify and categorise the specific security threats to those assets - along with the probability of the threats being realised or exploited.

The service assists organisations in understanding exactly what needs to be protected, why it needs protecting, and what might happen if protection is not implemented.

Once risks are assessed and quantified, Orthus will recommend simple and effective policies, processes and procedures, as well as technical controls, to transfer or mitigate risk. Finally, residual risk can be identified, understood and accepted.

All Orthus assessments are carried out in the UK by highly experienced information security professionals, with each engagement formally managed to an agreed project plan. Our lead risk specialists are familiar with both industry best practice (ISO 27001, COSO, CoBIT, ITIL, etc.) and the legislative, regulatory and compliance landscape (including the Data Protection Act, ECHR, privacy laws, FSA, SOX, HIPAA, and GLBA) that combine to drive the information security agenda today.

Assessments are conducted using a proven real-world methodology for both risk and threat assessment, using the same models as the world’s largest and most complex companies, based on de facto standards and on the one true national standard for risk management, AS/NZS 4360:1999.

Orthus follow a strict process, developed through delivering the services over the last 5+ years, that ensures the quality, accuracy and thoroughness of each engagement. Every assessment maps risks and threats to the profile and individual set of business attributes of the organisation undergoing assessment.
 
 
 
 

© Orthus Limited 2008