Risk analysis
The aim of risk analysis is to identify threats to the safety of information that the Client is susceptible and exposed to and, based on the results, to assess the level of the risk.
Information risk analysis
The aim of risk analysis is to identify threats to information safety that the Client is susceptible and exposed to and, based on the results, to assess the level of the risk. Then, based on the ascertained level of risk and a number of internal and external conditions, a forecast is developed concerning the possibility of losses resulting from the risk being materialised and the proposition of actions that minimise the forecasted losses is presented.
The integral part of risk analysis is to specify the significance of the ascertained risk for the entire organisation as well as the “profit and loss account” of resulting from implementation of the proposed activities and solutions improving the safety level.
Further activities in the risk analysis:
- Preliminary training in risk management in company theory, presentation of the methods of estimating risk,
- Specification of the scope of risk assessment in cooperation with Management if the company,
- Selection of methods of risk estimation,
- Application of the selected methods in cooperation with the employees and co-labourers of the company,
- Drawing and presenting conclusions.
The final result has a form of the risk analysis report containing a description of identified risks, their significance as well as suggested, cost-effective methods of their minimisation or bringing to the acceptable level.
The risk analysis is performed in accordance with the guidelines specified in PN-ISO/IEC 27001:2007 and BS 7799-3 standards as well as in NIST SP 800-30.
