Risk Management solution in compliance with ISO 27005
OUR RISK MANAGEMENT PROCESS
Intex IT can handle all aspects of your risk management program following the ISO 27005:2011 framework.
Your consultant will work with you and your stakeholders to gather information on the purpose, criteria, and scope of the risk management activities, including defining the risk acceptance criteria based on the risk appetite of the organization.
We will identify all organizational primary and supporting assets within the scope defined in the context establishment phase of the project. A qualitative risk assessment will be performed on the assets by valuing the loss of confidentiality, integrity, and availability.
Working with you and your stakeholders, your consultant will help select appropriate controls to mitigate the risks, using measures to reduce, retain, avoid, or transfer each risk.
Each risk will be evaluated against the risk acceptance criteria to prioritize the risk list with treatment options.
We will provide you with an executive summary for your stakeholders, and a detailed risk register report for you.
Risk Monitoring and Review
We can return to monitor the implemented mitigating controls and review them to ensure that they are working as planned and that the calculated residual risk level is accurate.
Understanding an organization and its context
Defining a risk management approach
Selecting risk analysis methodologies
Defining risk evaluation criteria
Identification of assets, threats, existing controls, vulnerabilities and consequences (impacts)
Assessing consequences and incident likelihood
Determining the level of risk
Evaluating risk scenarios
Evaluating risk treatment options
Selecting and implementing information security controls