IT Risk Analysis
We offer the approach to IT Risk Analysis defined in ISO 27005. The first stage of the service is to inventory information assets. Next, we identify the components of each asset and specify the vulnerabilities and threats that apply to every component. Then, following the adopted methodology, we assess the impact a given threat would have if it acted on those vulnerabilities, and we estimate the probability of that threat occurring. Finally, the risk classification is derived from the combination of probability and impact.
[Table] Example risk classification table, where risk is understood as the product of the probability and the impact (effects) of a given event.
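The procedure above (inventory assets, break them into components, pair threats with vulnerabilities, rate probability and impact, classify the product) can be written down as a small risk register. The following script is an added illustration, not code from the page or from the service provider it describes: the 1..5 rating scales, the Low/Medium/High bands, the asset names and the ratings are all assumptions constructed for the example, since the page's own classification table is not reproduced here. It goes slightly beyond the text by ordering the register highest risk first, which is the input the page says management needs for limitation, avoidance, transfer or acceptance decisions.

```python
"""Minimal ISO 27005-style risk register: assets -> components -> threat/vulnerability
pairs -> likelihood x impact -> risk class. All scales, thresholds and sample data
below are constructed for illustration and are not taken from the page."""
from dataclasses import dataclass
from typing import Dict, List

SCALE_MIN, SCALE_MAX = 1, 5  # assumed 1..5 ordinal scales for likelihood and impact

# Assumed classification bands for the product likelihood * impact (range 1..25).
BANDS = [(15, "High"), (8, "Medium"), (1, "Low")]


@dataclass(frozen=True)
class Scenario:
    """One threat acting on one vulnerability of one asset component."""
    asset: str
    component: str
    vulnerability: str
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)


def _check_scale(name: str, value: int) -> None:
    """Reject ratings outside the agreed scale instead of silently scoring them."""
    if not isinstance(value, int) or not SCALE_MIN <= value <= SCALE_MAX:
        raise ValueError(f"{name} must be an integer in {SCALE_MIN}..{SCALE_MAX}, got {value!r}")


def risk_score(likelihood: int, impact: int) -> int:
    """Risk as the product of probability and impact, as the page defines it."""
    _check_scale("likelihood", likelihood)
    _check_scale("impact", impact)
    return likelihood * impact


def classify(score: int) -> str:
    """Map a score onto the assumed Low/Medium/High bands (highest band first)."""
    for threshold, label in BANDS:
        if score >= threshold:
            return label
    raise ValueError(f"score out of range: {score}")


def build_register(scenarios: List[Scenario]) -> List[Dict[str, object]]:
    """Score every scenario and order the register highest risk first, so the top rows
    are candidates for limitation, avoidance or transfer and the bottom rows for acceptance."""
    rows: List[Dict[str, object]] = []
    for s in scenarios:
        score = risk_score(s.likelihood, s.impact)
        rows.append({
            "asset": s.asset, "component": s.component,
            "vulnerability": s.vulnerability, "threat": s.threat,
            "likelihood": s.likelihood, "impact": s.impact,
            "score": score, "level": classify(score),
        })
    rows.sort(key=lambda r: (-int(r["score"]), str(r["asset"])))
    return rows


# Constructed sample inventory: hypothetical assets, components and ratings.
SAMPLE_SCENARIOS = [
    Scenario("Customer database", "DB server", "unpatched DBMS", "exploitation of a known flaw", 4, 5),
    Scenario("Customer database", "backup tapes", "unencrypted media", "loss or theft of media", 2, 5),
    Scenario("Office network", "Wi-Fi access point", "default credentials", "unauthorised access", 3, 3),
    Scenario("Intranet portal", "web server", "no rate limiting", "service disruption", 2, 2),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_SCENARIOS):
        print(f"{row['level']:6} {row['score']:2}  {row['asset']} / {row['component']}: "
              f"{row['threat']} via {row['vulnerability']}")
```

The band thresholds are deliberately kept in one place (`BANDS`) because in practice they are the part of the methodology that is negotiated with management; changing them reclassifies the whole register without touching the scoring logic.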
IT risk analysis primarily aims at identifying threats to the IT infrastructure. The analysis is carried out to build or increase awareness of IT system security. When implemented appropriately, it allows one to estimate the potential losses resulting from security breaches, to determine the most vulnerable areas and to set priorities. The analysis is used to decide how to counter a risk and to manage it consciously by limiting, avoiding, transferring or accepting it. It enables sensible decisions and a rational budget to be proposed to management. Risk analysis is one of the main tools of IT risk management.
- A base for IT risk management,
- Identification of critical areas in terms of IT security,
- Support in identifying threats and determining their causes,
- A basis for making decisions on implemented security measures,
- Arrangement of the IT security assessment process,
- Compliance with mandatory actions ensuing from the National Interoperability Framework (KRI) Regulation.