Acceptable enterprise risk is a key element of the affordability balance between architectural objectives, timeframe, and risk. Enterprise risks are associated with achieving or maintaining the required architectural capabilities. Enterprise risks primarily arise from the following sources:
- Unintentional sources such as, but not limited to, technology readiness, operator error, system failure, and obsolescence.
- Malevolent sources that overtly and/or covertly seek out physical and cyber vulnerabilities.
Exostrategies uses an agile Affordable Risk Management (ARM) process to continuously assess and prioritize risk mitigation activities based upon changing guidance and prevalent threats.
Deployable in both classified and unclassified environments, our ARM process is designed to link our physical and cyber vulnerability management services by applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) standards within the Architex™ Decision Support Suite.
Architex provides the ability to:
- Define risk mitigation activities, timelines, and projects such as plans of action and milestones (POA&Ms).
- Allocate RMF controls to POA&Ms, projects, and architectural elements.
- Create center of gravity topologies that identify optimum strategies for investment based on key architectural vulnerabilities.
- Define affordable and acceptable risk metrics based on the desired architectural objectives subject to budgetary constraints.
- Identify the point at which the marginal cost of further risk reduction is not worth the investment return.
- Associate vulnerabilities with risks.