The information risk management (IRM) process is the cornerstone of a systematic information security solution. It usually includes risk identification, risk analysis and evaluation, risk design, including security measures, cost/benefit analysis and implementation of selected measures, including subsequent verification of their effectiveness. In solving this problem, we rely on our company's methodology, which divides the solution into phases known from the classic life cycle of an information system. At the same time, the methodology is flexible enough to respect the existing state of security solutions, the nature of the information system, corporate culture and other restrictive conditions.
RISK MANAGEMENT IN PRACTICE
Information risk management services use our own methodology, which is based on generally accepted industry standards and methods adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions.
INFORMATION SECURITY STRATEGY
The absence of an information security strategy is one of the reasons leading to unsystematic security solutions. It also weakens the effectiveness of managerial practices: planning, management and control.
REQUIREMENTS ON INFORMATION SECURITY
There is often a significant gap between the proclaimed principles and the actual situation. The first step in bridging this gap is to define technical and non-technical information security requirements.
INFORMATION SECURITY SOLUTION DESIGN
Effective system security design requires knowledge of the technologies used, specialized security products, the ability to interpret the requirements of specific technologies and experience with problems in system operation.
VULNERABILITY TESTING
Vulnerability testing detects vulnerabilities by scanning for hardware and software patches, or by using penetration testing to verify whether vulnerabilities allow intrusion into an organization's assets or unauthorized activity.
HOW CAN WE HELP YOU?
When managing information risks, we rely on an analysis of the general aspects of the company's business activities that affect information security. We define the essential parameters valid in this area and recommend an adequate procedure for the further solution of the security program.
IRM IMPLEMENTATION
In the area of risk management, we follow long-established methodological principles and practices. The risk management process we set up is in accordance with the following standards and legal requirements:
ISO/IEC 27005 Information technology – Security techniques – Information security risk management
ISO/IEC 27002 Information technology – Security techniques – Code of practice for information security controls
ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements
Act No. 181/2014 Coll. on cyber security
Decree No. 82/2018 Coll. on cyber security
When defining security requirements, we follow our own methodology, which is based on the ISO/IEC 27001 standard and the RAMSES methodology adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions. We build on a security strategy.
Our consultants will suggest a way to make safer use of existing IT resources, will also design additional specialized security products and specify organizational measures that are a prerequisite for the safe operation of the system.
TOOL FOR INFORMATION RISK MANAGEMENT
RAMSES (Risk Analysis and Management System for Enhanced Security) has been developed by our company since 2005 and is primarily designed for risk management. The methodology used by the RAMSES tool is fully in accordance with the requirements of the ISO/IEC 27001 standard. on cyber security or GDPR.
IRM CONSULTANCY
IS risk analysis has an irreplaceable role in a systematic approach to solving problem areas of the organization's information system. Now that many organizations feel the need to address the security of their information system, risk analysis helps determine the significance and impact on the organization of possible security issues in the IS.
Our consulting support is intended for employees who are responsible for risk management and information security, for the professional guarantee of security issues and for the performance of technical activities related to this issue.
Would you like to know more? Don't hesitate to contact us!