Risk assessment
Introduction
Reducing risk increases safety
The aim of the risk assessment is to identify the main risks to your business based on the security measures of the ISO/IEC 27001 standard and CIS critical security controls, as well as on the requirements of the NIS Directive. Based on the risks we identify, we will provide recommendations and support you in finding effective methods and ways to reduce risk levels.
About the service
Why work with risks?
The risk assessment helps to highlight and understand the specific threats and vulnerabilities that may arise within your organization. By having a clear picture of these risks, we can then offer tailored recommendations and support to implement effective measures to minimize risk levels.
Our aim is not only to identify the risks, but also to actively support you in managing them in a proactive and strategic way. We aim to provide concrete solutions and support to ensure your business is equipped to meet the information security challenges of today and tomorrow.
With our risk assessment, you can rest assured that you have a solid foundation to protect your business and its valuable information against potential threats and attacks. By acting proactively, you can minimize the risk of disruption and damage to your business and maintain the trust of your customers and partners.
Some of our customers
The process
How the risk assessment works
Our work process looks like this.
- Kick-off meeting
In the kick-off meeting with you, we have an initial conversation about scope, objectives, methodology, timeline and expectations. We discuss who will receive the final report and when, and who will participate in the vulnerability identification workshop. It is important to be open and honest throughout the process to get the most accurate and valuable risk picture possible.
- Examination of documents
Before the vulnerability identification workshop, we go through all the documentation on information security that you have provided to us.
- Vulnerability identification workshop
We bring together all the key people in your company who work with or are closely linked to information security to identify vulnerabilities.
- Risk identification
We identify the main risks and the security measures linked to them.
- Risk analysis workshop
We assess the identified risks together with you and use the probability and impact guide and the risk matrix to determine the risk score.
- Final report
We produce a final report including executive summary, scope of the risk assessment, objectives, methodology and benchmarking, a summary of the main risks, main recommendations and coverage of ISO 27001.
The reports
The final report includes an executive summary, the scope of the risk assessment, objectives, methodology and benchmarking, and a summary of the main risks. The report will also include information on the documents collected from your company, the people interviewed, and the probability and impact guide along with a risk matrix guide.
Please note that the report does not provide a detailed maturity overview according to standards (e.g. how many CIS controls your company complies with), but instead provides a general overview of your risks.