We can help you protect your business by assessing possible risk and taking steps to mitigate it, as well as monitoring the result. That starts with self-defense basics: defining the nature of the risk, determining how it threatens information system security, then evaluating protective measures, keeping in mind the economic and other costs of those measures. This means identifying possible threats, vulnerabilities to those threats, possible countermeasures, impact and likelihood. Risk mitigation may include upgrading systems to minimize the likelihood of a breach. Finally, risk management includes monitoring the system on an ongoing basis to see if the risk mitigation interventions produced the desired results.