The V&A Board of Directors were concerned that there was no formal mechanism to identify what were the key information security risks to the museum. We were engaged to help develop a information security risk assessment process and produce the supporting tools and documentation including the initial risk register.
We adopted a hybrid approach based on Sherwood Applied Business Security Architecture and HMG Information Assurance Risk Assessment Methodology. We developed an information security risk assessment
tool to be used by the V&A, and carried out risk assessments on the top ten systems or business process.
At the end of the engagement the V&A had a documented information security risk assessment standard, an information security risk assessment tool, an information security risk register and a list of actions to address the risks found during the risk assessments.
Contact Us