One of the key requirements of ISO 17799 / BS 7799 is that a formal Risk Assessment of critical business assets is conducted, so that the organisation can ensure that all security risks are identified through a methodical assessment.
A Risk Assessment is a systematic consideration of:
- The business harm likely to result from a security failure, taking into account the potential consequences of a loss of Confidentiality, Integrity or Availability of the information and other assets.
- The realistic likelihood of such a failure occurring in the light of prevailing threats and vulnerabilities, and the controls currently implemented.
A Risk Assessment enables an organisation to balance expenditure on controls against the business harm likely to result from a security failure.
Our Risk Assessment services are ideally suited to assist an organisation that handles, processes, or stores sensitive information.
The services can consist of high-level reviews of critical business processes, BS 7799 Gap Analysis reviews, or the use of more formal methods such as CRAMM.