Risk Assessment

Map your risks and get input on how to prioritise resources

With a Risk Assessment, we review and assess your company's current and business security risks in relation to the current threat assessment. Based on this, you get an overview of IT risks and concrete suggestions for possible improvements.

Identify current risks

A risk assessment provides the company’s management with an overview and input for targeted and prioritised activities to identify current risks and thereby raise the security level.

Dubex Risk Assessment is based on, and complies with, the ISO27000 series for information security and includes:

Clarification of the company’s goals and risk appetite.
Vulnerability and impact assessment of selected information systems (security vulnerabilities and business consequences).
Opportunities for improvement and their security implications.

The risk assessment can be conducted on selected areas or systems.

What we do

The project begins with a start-up meeting, where we determine the details for interviews, the systems or areas to be reviewed, as well as the need for, and access to, technical documentation, etc. A qualitative risk assessment is then carried out. In dialogue with key technical people and business managers from your company, the likelihood of breaches of confidentiality, integrity and accessibility are assessed. In addition, together we review the possible and intended improvements as well as changes.

Based on the interviews, Dubex processes and analyses the gathered information and prepares the final report. The report contains:

The basis for decisions about IT security.
An executive summary with an overview of recommended prioritisation of resources.

The project ends with a report focusing on the prioritisation of the discovered risks.

Dubex Risk Assessment can be supplemented with:

Security Analysis
Vulnerability Scans
Penetration Tests
Scanning for malicious network traffic
Interview with outsourcing partners.

Workshop in Risk Assessment

The Dubex Risk Assessment Workshop gives you an introduction to risk assessments and presents you with a simple method to implement them.

The method for risk assessments is based on ISO27005, which describes best practice for assessing IT and information risks and follows the requirements in ISO 27001.

ISO 27001 is an international management standard on information security. The standard is a management tool that helps your company protect valuable information, including personal data, in a secure and reliable way.

What we do

Prior to the workshop, a short start-up meeting is held, where we agree on the details for the workshop, including who will participate, etc.

The workshop consists of:

A short presentation on risk assessment, including clarification of terminology.
Presentation of the method.
Feedback and discussion around asset selection.

The risk assessment workshop can be supplemented with feedback and discussion in connection with the implementation of the first risk assessments and/or a follow-up, where we discuss with you the completed risk assessments and any challenges in this regard.

Dubex Risk Assessment Workshop can, for example, be combined with: