We perform risk analysis and risk management in the areas of business, information security, and information system design or implementation. You can eliminate or reduce security risks for your entire organisation or a specific project.
We identify threats using threat catalogues, to which we always add other relevant threats and vulnerabilities. The relevant threats and vulnerabilities are identified through consultation, in-depth vulnerability scanning, or cyber defense penetration testing.
The result is an accurate map of your organisation's risks and vulnerabilities.
We will create a customised risk treatment plan for you. The plan will suggest how each risk should be treated.
Above all, you will get a detailed list of all security measures, including clearly defined responsibilities, necessary resources, and priorities, not only in the area of data security.
A typical risk assessment process is conducted in the following stages:
1. Asset identification – we will map your information, support, and technical assets and the relations between them.
2. Asset evaluation – we will determine the requirements for confidentiality, integrity, and availability of identified assets.
3. Threat and vulnerability identification – we will select valid threats and vulnerabilities from the threat catalogue.
4. Threat and vulnerability assessment – we will determine the likelihood of a threat occurring and the extent of its impact.
5. Risk assessment – we will calculate specific risk values for individual assets and valid threats.
6. Risk management – we will determine whether the risk should be accepted, reduced by applying risk-reducing measures, transferred, or completely avoided.
7. We will select specific measures and include them in your risk treatment plan.
We work with a universal threat catalogue that includes all types of threats. We select a specific set of threats during the threat identification phase or even as early as during the initial meeting when we adapt the methodology to your needs.
The risk treatment plan is a document that defines how the individual risks will be treated. The most important part is the list of measures to be implemented, which includes clearly defined responsibilities, necessary resources, and priorities. It is an implementation plan from which the individual sub-projects are derived.