Risk Management
LegalNet provides quality risk management support services for CISA. LegalNet has expertise in assessing threat, vulnerability, and consequence to help CISA manage risks across the enterprise. Our experienced team can help design and implement risk management processes to advance CISA's mission as the Nation’s risk advisor.
​
LegalNet Knows Threat
LegalNet can provide insight into the complex array of threats that CISA faces in its mission to protect the Nation’s critical infrastructure. LegalNet has 20 years of experience working with government agencies, including law enforcement and the intelligence community, and we have cultivated a deep understanding of the most sophisticated adversaries. Our team constantly tracks the threat landscape to stay abreast of evolving tactics, techniques, and procedures and build adversary profiles. We can produce strategic and operational threat assessments to help CISA prioritize threats and inform mitigations.
​
LegalNet Knows Vulnerability
LegalNet has expertise in producing vulnerability assessments to help CISA manage risk to critical infrastructure. Our team has spent years developing a deep understanding of critical infrastructure, from the financial sector to the electrical grid, with a specialty in telecommunications and energy infrastructure. This expertise allows us to provide high-impact vulnerability assessments to give CISA a holistic, cross-sector view of the most pressing vulnerabilities. For example, we have worked with NRMC to develop methodologies to prioritize vulnerabilities to National Critical Functions. We also supported NRMC in identifying critical communications elements and determining criticality within the government’s supply chain.
​
LegalNet Knows Consequence
LegalNet provides consequence analysis so CISA can gauge the potential impact of threats and vulnerabilities. We have designed multiple frameworks to assess consequences, using rigorous qualitative and quantitative metrics. We routinely develop analytically useful models and scenarios to provide leadership with accurate, actionable vulnerability assessments. For example, our team supported NRMC in developing the SARA Consequence Assessment Risk Framework to assess impacts to telecommunications. We have also supported the Scalable Consequence Equivalency Representations for Cyber (SCERC) to develop approaches to compare and aggregate consequence measures.
​
LegalNet Can Provide an Integrated Risk Management Approach Combining TVC
LegalNet delivers fully integrated risk management solutions to tackle CISA's most pressing problems. We have supported various NRMC projects, including the design of the comprehensive Risk Architecture, the Cyber Risk Framework, and an ICT assessment. Our proven track record and cutting-edge research make us an excellent partner to ensure agency mission performance.