Our Methods Our Methods

WCK is a sister company to iTcon Ltd. WCK uses iTcon's proven methodologies and security know-how, gaining from more than 10 years of experience in the Risk Management field.

Comprehensive Risk Model

WCK's Risk Model is a comprehensive and flexible risk model which Performs Model-Based and Rule-Based Risk Assessment on the system assets. The risk model is compliant to industry standard risk models such as NIST's and OCTAVE's.

The risk model will perform the following tasks:

  • Analyze questionnaires and build vulnerability list.
  • Provide countermeasures by analyzing vulnerability in context of threat and asset type.
  • Prioritize countermeasures by analyzing LIKELIHOOD and IMPACT in context of Asset criticality and Process criticality.

EESA – End To End Security Assessment
- An Innovative Approach to Risk Assessment

Developed by iTcon, EESA© (End to End Security Assessment) is a risk assessment method that was created especially for distributed critical systems. The method is based on the identification of critical information flows within systems and performance of an end-to-end analysis of the security services along each information flow. EESA's advantage is the ability to analyze all layers of a system, starting from the critical business activities and ending with the computing and networking infrastructure. EESA adds numerous layers of security analysis and bridges the gap between classical theoretical approaches and practical implementation of security methods. Thus, EESA complements existing high-level methodologies and helps transform Risk Management methodologies into practical tools.

EESA was selected as a business case for the European Commission ACIP (Assessment of Critical Infrastructure Protection) workshop that took place last November in Brussels. EESA presentation is located at the ACIP web site.

EESA is also mentioned in the projects report "Roadmap for provision of methodologies for CIS investigation", written by Telecom Paris/ENST, It was written there: "Practical and business- related methodologies that can bridge this gap are required (such as the End to End Security Assessment model (EESA) that was presented at the ACIP workshop in last November)" The official EU-ACIP report is located here.

 
Home About Us Products Our Methods Publications Contact Us
2005 whitecyberknight.com - Leaders in Information Risk Management - All Rights reserved.