Service Features

This service will typically involve the following activities:

  • Establish scope for assessment
  • Establish the risk measurement criteria – how we will measure risk exposures as well as residual risk levels
  • Identify assets and asset containers – data/ information type and relevant classification, Information assets, location of assets both physically and logically
  • Identify threats and areas of concern – detail real-world conditions or situations that could affect identified information assets, detail motivation and potential outcomes for threat realisation
  • Identify risks and detail the impact should threat scenarios be realised
  • Analyse risks – risk impact is assessed and the measurement criteria are applied
  • Risk treatment/ mitigation – controls are selected and applied to each risk to reduce the risk to an acceptable level
  • Produce a risk summary review including detailed findings and a summary report