Security Risk Management
Each organisation is different, perceives risks differently and has a different appetite for risk. Therefore, each organisation will find its own way of identifying and capturing risks, documenting them and adopting an approach that brings the right people together to make informed decisions at the right time. We can help with a risk assessment that links the results to your security controls, regardless of whether you are just now building your Information Security Management System (ISMS) or your organisation is already seasoned in managing security.
Why consider Security Risk Management?
As an organisation, you will face difficult decisions about security. Even when you seamlessly run your operations, handle incidents without impact, or have impressive monitoring in place, it can be hard to prioritise new security initiatives, reach management consensus and obtain resources. Security Risk Management can help with that. Its purpose is precisely to make decisions backed by an analysis of security risks, which are linked to the implemented security controls (or the lack thereof). The organisation also has to decide on the degree of risk acceptance for which it will take liability.
What is the service?
We bring together our experience with ISO 27001 and ISO 27005. In this way, we bridge the implementation of security controls and the risk analysis. We also customise the risk analysis methodology to your organisation. This means reaching the following milestones:
Agree on the Risk Management framework, its responsibilities and its improvement
Document the method to analyse risk
Link Risk Management to those processes where it can add value, such as incident response, DevOps, asset management, business impact analysis or privacy impact assessment
Identify and analyse risk
Prepare a treatment plan for the risk
Agree on the Report-based Action Plan