
Use a well-grounded methodology that can produce repeatable results... 


Risk Assessment Methodology and Report

We can assist you with developing a Risk Assessment Methodology that aligns with the ISO 27001 requirements. We can also perform the Assessment utilizing the methodology and produce the Risk Assessment Report.


Methodology:

We will work to ensure that your existing methodology produces the required results, especially where an enterprise-level risk management framework is in place. Alternatively, we can produce a methodology that conforms to the requirements and expectations of ISO 27001 using the ISO 27005 standard or other methodologies. The basic methodology should cover:

  Identification of security risks:

 

  • Identify mission-critical primary and secondary assets
  • Assess the security impact(s)
  • Produce a list of rated threats and their sources
  • Identify existing controls
  • Produce a list of rated vulnerabilities
  • Identify possible incident scenarios

  Risk Analysis:

 

  • Assess the likelihood of incident(s)
  • Assess the consequences
  • Determine the level of risks

  Risk Evaluation:

 

  • Compare the list of risks with the established criteria 
  • Identify risk treatment options
  • Produce a prioritized list of risks

 

Expected Outcome(s):

A Risk Assessment Report that conforms to ISO 27001. We will perform the Risk Assessment and ensure that it produces the results needed to identify security risks and to align with the security controls outlined in ISO 27002.
