Tackling an information security risk assessment

control-427512_1920Defending your organisation from information security risks without knowing what those risks are is like blind target practice: you’ll keep missing your opponent. A risk assessment gives the organisation a specific, defined set of targets to aim for, and for which to develop mitigating strategies.

ISO 27001 is the most rigorous and recognised international standard for implementing and managing the security controls that protect a company’s information assets. As organisations worldwide recognise the need to manage and protect their sensitive information, an ISO 27001 certification has increasingly become a requirement for doing business with many enterprises.

Risk-based thinking

An ISO/IEC 27001:2013 certification is the result of a corporate commitment to instil the importance of risk-based thinking into the organisation, coupled with rigorous compliance to a robust information security risk and control framework.

Risk assessments are complex 

The information security risk assessment is a complex process that usually involves a raft of variables. The risk assessor will usually

  • identify all the relevant information assets;
  • establish the threats and vulnerabilities that can jeopardise the confidentiality, availability or integrity of those assets;
  • analyse the likelihood and impact of those risks occurring;
  • determine the organisation’s risk appetite and risk acceptance threshold
  • identify the risk and asset owners;
  • evaluate and assign the various controls that it plans to implement in order to reduce those risks;
  • set risk criteria and baseline security controls – these also usually form part of a comprehensive risk assessment.

Do it faster, better, and with less of the hassle

With vsRisk™, the task of conducting the risk assessment is made simpler and faster, owing to the following winning features:

  • Built-in libraries of threats and vulnerabilities (risks);
  • A step-by-step procedure to follow when conducting your risk assessment, in line with ISO 27001;
  • A built-in risk assessment example, which can be copied and used as a model;
  • A built-in library of controls from ISO 27001 and other major frameworks;
  • An optional built-in documentation toolkit that provides all of the customisable policies and procedures you need in order to document how you manage your risks;
  • Automated reports, including the Statement of Applicability and risk treatment plan – critical for a certification audit;
  • A dashboard providing an overview of actions required and implementation details;
  • An interactive panel to view the controls you’ve selected;
  • Multi-user options;
  • Database on a server option;
  • 12-month support and update contracts;
  • Flexible settings;
  • Ability to import assets from Excel;
  • Optional additional ISMSs;

vsRisk delivers a lot of functionality at an incredibly low price, helping you achieve consistent, repeatable and accurate risk assessments, year after year – another requirement of ISO 27001.

To get to see how vsRisk works, sign up for a personal, one-to-one demo now and test-drive the product yourself.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.