Risk assessment

Introduction

Reducing risk increases safety

The aim of the risk assessment is to identify the main risks to your business based on the security measures of the ISO/IEC 27001 standard and CIS critical security controls, as well as on the requirements of the NIS Directive. Based on the identified risks we find, we will provide recommendations and support you in finding effective methods and ways to reduce risk levels.

Kontakta oss

Vill du veta mer om våra tjänster och lösningar? Kontakta oss så hjälper vi dig.

About the service

Why work with risks?

The risk assessment helps to highlight and understand the specific threats and vulnerabilities that may arise within your organization. By having a clear picture of these risks, we can then offer tailored recommendations and support to implement effective measures to minimize risk levels.

Our aim is not only to identify the risks, but also to actively support you in managing them in a proactive and strategic way. We aim to provide concrete solutions and support to ensure your business is equipped to meet the information security challenges of today and tomorrow.

With our risk assessment, you can rest assured that you have a solid foundation to protect your business and its valuable information against potential threats and attacks. By acting proactively, you can minimize the risk of disruption and damage to your business and maintain the trust of your customers and partners.

Några av våra kunder

The process

How the risk assessment works

Our work process looks like this.

  1. Kick-off meeting
    In the kick-off meeting with you, we have an initial conversation about scope, objectives, methodology, timeline and expectations. We discuss when and who will receive the final report and who will participate in the vulnerability identification workshop. It is important to be open and honest throughout the process to get the most accurate and valuable risk picture possible.
  2. Examination of documents
    Before the vulnerability identification workshop, we go through all the documentation on information security that you have provided to us.
  3. Vulnerability identification workshop
    We bring together all the key people in your company who work or are closely linked to information security work to identify vulnerabilities.
  4. Risk identification
    We identify the main risks and the security measures linked to them.
  5. Risk analysis workshop
    We assess the identified risks together with you and use the probability and impact guide and the risk matrix to determine the risk score.
  6. Final report
    We produce a final report including executive summary, scope of the risk assessment, objectives, methodology and benchmarking, a summary of the main risks, main recommendations and coverage of ISO 27001.

The reports

The final report includes an executive summary, the scope of the risk assessment, objectives, methodology and benchmarking – a summary of the main risks. The report will also include information on the documents collected from your company, people interviewed, probability and impact guide along with a risk matrix guide.

Please note that the report does not provide a detailed maturity overview according to standards (e.g. how many CIS controls your company complies with), but instead provides a general overview of your risks.

Get in touch!

If this sounds interesting for your company, you can either send a message using the contact function, or simply pick up the phone and call 020-66 99 00. We also offer services in
ISO 27001
!