IRM – INFORMATION RISK MANAGEMENT

The information risk management process (IRM) is the cornerstone of a systematic information security solution, which usually includes risk identification, risk analysis and evaluation, risk design, including security measures, costs / benefit analysis and implementation of selected measures, including subsequent verification of their effectiveness. In solving this problem, we are based on the company’s methodology, which divides the solution into phases known from the classic life cycle of the information system. At the same time, the methodology is flexible enough to respect the existing state of security solutions, the nature of the information system, corporate culture and other restrictive conditions.

RISK MANAGEMENT IN PRACTICE

Information risk management services use our own methodology, which is based on generally accepted industry standards and methods adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions.

INFORMATION SECURITY STRATEGY

The absence of an information security strategy is one of the reasons leading to an unsystematic security solutions. It also weakens the effectiveness of managerial practices – planning, management and control.

REQUIREMENTS ON INFORMATION SECURITY

There is often a significant gap between the proclaimed principles and the actual situation. The first step in bridging this gap is to define technical and non-technical information security requirements.

INFORMATION SECURITY SOLUTION DESIGN

Effective system security design requires knowledge of the technologies used, specialized security products, the ability to interpret the requirements of specific technologies and experience with problems in system operation.

VULNERABILITY TESTING

Vulnerability testing detects vulnerabilities by scanning for hardware and software patches or verifying intrusion through vulnerabilities to an organization’s assets or performing unauthorized activity through penetration testing.

null

INFORMATION SECURITY STRATEGY

The absence of an information security strategy is one of the reasons leading to an unsystematic security solutions. It also weakens the effectiveness of managerial practices – planning, management and control.

null

REQUIREMENTS ON INFORMATION SECURITY

There is often a significant gap between the proclaimed principles and the actual situation. The first step in bridging this gap is to define technical and non-technical information security requirements.

null

INFORMATION SECURITY SOLUTION DESIGN

Effective system security design requires knowledge of the technologies used, specialized security products, the ability to interpret the requirements of specific technologies and experience with problems in system operation.

null

VULNERABITILY TESTING

Vulnerability testing detects vulnerabilities by scanning for hardware and software patches or verifying intrusion through vulnerabilities to an organization’s assets or performing unauthorized activity through penetration testing.

HOW CAN WE HELP YOU?

When managing information risks, we rely on an analysis of the general aspects of the company’s business activities that affect information security, we define the essential parameters valid in this area and we recommend an adequate procedure for the further solution of the security program.

IRM IMPLEMENTATION

In the area of risk management, we follow long-established, methodological principles and practices. The risk management process we set is in accordance with standards and legal requirements:

ISO/IEC 27005 Information technology – Security techniques – Information security risk management
ISO/IEC 27002 Information technology – Security techniques – Code of practice for information security controls
ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements
Act No. 181/2014 Coll. on cyber security

Decree No. 82/2018 Coll. on cyber security

When defining safety requirements, we follow our own methodology, which is based on the ISO / IEC 27001 standard and RAMSES methodology adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions. We are based on a security strategy.

Our consultants will suggest a way to make safer use of existing IT resources, will also design additional specialized security products and specify organizational measures that are a prerequisite for the safe operation of the system.

IMPLEMENTED60
60
RECOMMENDED15
15
NOT APPLICABLE20
20
ACCEPT RISK5
5

TOOL FOR INFORMATION RISK MANAGEMENT

RAMSES or Risk Analysis and Management System for Enhanced Security has been developed by our company since 2005 and is primarily designed for risk management. The methodology used by the RAMSES tool is fully in accordance with the requirements of the ISO / IEC 27001 standard. on cyber security or GDPR.

IRM CONSULTANCY

IS risk analysis has an irreplaceable role in the system approach to solving problem areas of the organization’s information system. At present, when many organizations feel the need to address the security of their information system, risk analysis helps determine the significance and impact of possible security issues in the IS on the organization.

Our consulting support is intended for employees who are responsible for risk management and information security, for the professional guarantee of security issues and for the performance of technical activities related to this issue.

IRM IMPLEMENTATION

In the area of risk management, we follow long-established, methodological principles and practices. The risk management process we set is in accordance with standards and legal requirements:

ISO/IEC 27005 Information technology – Security techniques – Information security risk management
ISO/IEC 27002 Information technology – Security techniques – Code of practice for information security controls
ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements
Act No. 181/2014 Coll. on cyber security
Decree No. 82/2018 Coll. on cyber security

When defining safety requirements, we follow our own methodology, which is based on the ISO / IEC 27001 standard and RAMSES methodology adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions. We are based on a security strategy.

Our consultants will suggest a way to make safer use of existing IT resources, will also design additional specialized security products and specify organizational measures that are a prerequisite for the safe operation of the system.

IMPLEMENTED60
60
RECOMMENDED15
15
NOT APPLICABLE20
20
ACCEPT RISK5
5

TOOL FOR INFORMATION RISK MANAGEMENT

RAMSES or Risk Analysis and Management System for Enhanced Security has been developed by our company since 2005 and is primarily designed for risk management. The methodology used by the RAMSES tool is fully in accordance with the requirements of the ISO / IEC 27001 standard. on cyber security or GDPR.

IRM CONSULTANCY

IS risk analysis has an irreplaceable role in the system approach to solving problem areas of the organization’s information system. At present, when many organizations feel the need to address the security of their information system, risk analysis helps determine the significance and impact of possible security issues in the IS on the organization.

Our consulting support is intended for employees who are responsible for risk management and information security, for the professional guarantee of security issues and for the performance of technical activities related to this issue.

IRM IMPLEMENTATION

In the area of risk management, we follow long-established, methodological principles and practices. The risk management process we set is in accordance with standards and legal requirements:

ISO/IEC 27005 Information technology – Security techniques – Information security risk management
ISO/IEC 27002 Information technology – Security techniques – Code of practice for information security controls
ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements
Act No. 181/2014 Coll. on cyber security
Decree No. 82/2018 Coll. on cyber security

When defining safety requirements, we follow our own methodology, which is based on the ISO / IEC 27001 standard and RAMSES methodology adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions. We are based on a security strategy.

Our consultants will suggest a way to make safer use of existing IT resources, will also design additional specialized security products and specify organizational measures that are a prerequisite for the safe operation of the system.

IMPLEMENTED60
60
RECOMMENDED15
15
NOT APPLICABLE20
20
ACCEPT RISK5
5

TOOL FOR INFORMATION RISK MANAGEMENT

RAMSES or Risk Analysis and Management System for Enhanced Security has been developed by our company since 2005 and is primarily designed for risk management. The methodology used by the RAMSES tool is fully in accordance with the requirements of the ISO / IEC 27001 standard. on cyber security or GDPR.

IRM CONSULTANCY

IS risk analysis has an irreplaceable role in the system approach to solving problem areas of the organization’s information system. At present, when many organizations feel the need to address the security of their information system, risk analysis helps determine the significance and impact of possible security issues in the IS on the organization.

Our consulting support is intended for employees who are responsible for risk management and information security, for the professional guarantee of security issues and for the performance of technical activities related to this issue.

Do you want to know more information? Don’t hesitate to contact us!

Do you want to know more information? Don’t hesitate to contact us!

WordPress Appliance - Powered by TurnKey Linux