Identify current risks
A risk assessment provides the company’s management with an overview and input for targeted and prioritised activities to identify current risks and thereby raise the security level.
Dubex Risk Assessment is based on, and complies with, the ISO27000 series for information security and includes:
- Clarification of the company’s goals and risk appetite.
- Vulnerability and impact assessment of selected information systems (security vulnerabilities and business consequences).
- Opportunities for improvement and their security implications.
What we do
The project begins with a start-up meeting, where we determine the details for interviews, the systems or areas to be reviewed, as well as the need for, and access to, technical documentation, etc. A qualitative risk assessment is then carried out. In dialogue with key technical people and business managers from your company, the likelihood of breaches of confidentiality, integrity and accessibility are assessed. In addition, together we review the possible and intended improvements as well as changes.
Based on the interviews, Dubex processes and analyses the gathered information and prepares the final report. The report contains:
- The basis for decisions about IT security.
- An executive summary with an overview of recommended prioritisation of resources.
The project ends with a report focusing on the prioritisation of the discovered risks.
Dubex Risk Assessment can be supplemented with:
- Security Analysis
- Vulnerability Scans
- Penetration Tests
- Scanning for malicious network traffic
- Interview with outsourcing partners.
Workshop in Risk Assessment
The Dubex Risk Assessment Workshop gives you an introduction to risk assessments and presents you with a simple method to implement them.
The method for risk assessments is based on ISO27005, which describes best practice for assessing IT and information risks and follows the requirements in ISO 27001.
What we do
Prior to the workshop, a short start-up meeting is held, where we agree on the details for the workshop, including who will participate, etc.
The workshop consists of:
- A short presentation on risk assessment, including clarification of terminology.
- Presentation of the method.
- Feedback and discussion around asset selection.
The risk assessment workshop can be supplemented with feedback and discussion in connection with the implementation of the first risk assessments and/or a follow-up, where we discuss with you the completed risk assessments and any challenges in this regard.
Dubex Risk Assessment Workshop can, for example, be combined with:
- ISO 27001 implementation
- Security Analysis
- Security Overview
- Compliance Check
Address tomorrow’s challenge, today.
Talk to an expert about how we can secure your business