Risk analysis, assessment, and management

We will identify, reduce, and eliminate risks and threats in your organisation as well as recommend effective security measures. Save time and money by preventing the damage that could be caused by cybersecurity and information protection vulnerabilities.

It takes companies up to 6 months to detect a serious security breach.
Be prepared
Find out what threats your organisation is facing and what their consequences are, including the cost of damage.
Don't waste time and money
Prevent damages with an in-depth risk analysis to ensure safe operation of current and future projects.
Reduce the risks to zero
Identify and reduce the risks in your company to an acceptable level by implementing effective security measures.
Suitable for the whole organisation and individual projects

We perform risk analysis and risk management in the areas of business, information security, and also in the area of information system design or implementation. You can eliminate, reduce, or remove security risks for your entire organisation or a specific project.  

Threat catalogue

We identify threats using threat catalogues, to which we always add other relevant threats and vulnerabilities. The relevant threats and vulnerabilities are identified through consultation, in-depth vulnerability scanning, or cyber defense penetration testing. 

The result is an accurate map of your organisation's risks and vulnerabilities.  

Implementation of a risk treatment plan

We will create a customised risk treatment plan for you. The plan will suggest how each risk should be treated.

Above all, you will get a detailed list of all security measures, including clearly defined responsibilities, necessary resources, and priorities, not only in the area of data security.   

How does the cooperation work?

Identification and evaluation of assets
We will map your information assets, supporting assets, and technical assets. We will then determine their requirements for confidentiality, integrity, and availability.
Risk identification and assessment
We will identify valid threats and vulnerabilities and, using financial metrics, calculate specific risk values for individual assets.
Risk management and measures
We will help you decide if you should accept, reduce, or transfer the risks, propose the necessary measures, and develop a detailed risk treatment plan.

Why should you choose risk assessment and risk management from us?

We will evaluate your risks in terms of financial value
We quantify all risks in financial metrics.
We give you clear results
Thanks to our own SMC tool, we are able to provide clear and understandable risk analysis results.
Many years of experience
We have more than 20 years of experience in the field of information security and protection against cyberattacks.


A typical risk assessment process is conducted in the following stages:  

1. Asset identification – we will map your information, support, and technical assets and the relations between them.  

2. Asset evaluation – we will determine the requirements for confidentiality, integrity, and availability of identified assets.  

3. Threat and vulnerability identification – we will select valid threats and vulnerabilities from the threat catalogue.  

4. Threat and vulnerability assessment – we will determine the likelihood of a threat occurring and the extent of its impact.  

5. Risk assessment – we will calculate specific risk values for individual assets and valid threats.  

6. Risk management – we will determine whether the risk should be accepted, reduced by applying risk-reducing measures, transferred or if it can be completely avoided.  

7. We will select specific measures and include them in your risk treatment plan. 


We work with a universal threat catalogue that includes all types of threats. We select a specific set of threats during the threat identification phase or even as early as during the initial meeting when we adapt the methodology to your needs. 

A risk treatment plan is a document that defines how the individual risks will be treated. Its most important part is the list of measures that need to be implemented, which includes clearly defined responsibilities, necessary resources, and priorities. It is an implementation plan from which the individual sub-projects are derived. 

Leave us your contact information and together we will find the ideal solution for your security

Service guarantor
Ondřej Salák
Information Security Consultant
Ondřej is a holder of CISM, TOGAF, and ITIL certifications. Thanks to his extensive experience and personable approach, he provides professional training sessions for both experts and the public.
Fast reply
Our consultant will get back to you within 24 hours of enquiry.
Individual approach 
We will help you with your problem and find the ideal customized solution for you.
Ahead of the competition
You will always take away something extra, to keep you a step ahead of the competition.
U Uranie 18, 170 00 Prague 7

CRN: 06291031
VAT: CZ06291031

NGSS has implemented an information security management system in accordance with ČSN ISO/IEC 27001:2014.