Risk management

The problem

Making decisions and taking risk is the basic premise for conducting any business. Making the most appropriate decision among several alternatives is a difficult task, especially if there are not enough indicators to support that decision.

Information security management faces a similar problem. How to choose security solutions and controls, which will ensure an appropriate level of security and remain justifiable by business? How to define the strategy, set the goals in the Information Security area, and accomplish optimal results for the organization? These are just a few questions among others which need to be considered when it comes to the Information Security. The risk management process can provide the right answers.

Service

The risk assessment and complete risk management process provides the basis for decision making during ISMS implementation. Financially and business justifiable security controls, which mitigate risk, are selected from the risk assessment process.

Conducting the risk management process, INFIGO IS ensures the basis for ISMS or BCM alignment with business goals and strategy.

Documenting the business processes, asset inventory, discovering vulnerabilities, and potential threats are the basic inputs to the risk assessment process.

After the risk assessment and based on business goals and strategy, the risk management process is performed by selecting controls and procedures to:

Mitigate the risks,
Accept the risks or
Transfer the risks.

The methods used for the risk management may vary upon requirements and needs. The process is transparent, and repeatable, to ensure process measurement and the comparison of results.

Benefit

The risk management process ensures adjustment of Information Security and Business Continuity Management Systems with the business goals and strategy.

The systematic approach to the risk management process ensures efficient time planning and budgeting of current and future needs.

contact

Management systems: