IT Risk Assessment According to ISO 27005

Information technology is so central to a company's operations that the ever-present IT risks call for comprehensive identification and assessment. The ISO/IEC 27005 standard, part of the ISO 2700X family, describes the process required for this in the form of IT risk management.

IT risk assessments are a fundamental part of risk management. Drawing on our solid knowledge and long-term experience in this field, our company can assist you with carrying out risk analyses tailored to your specific requirements. The following three project steps have proven successful:

Step 1: Workshop for Context Definition / Compilation

Definition of the object of assessment / collection of basic information from the client's IT risk management system and Information Security Management System (ISMS)

Step 2: Risk Assessment

  • risk identification
  • risk evaluation
  • risk assessment and prioritization

Step 3: Risk Response

Description of specific measures and their mapping to the identified risks

IT risk assessments carried out by our company comply with ISO/IEC 27005. To establish IT risk management as an ongoing process, a client coaching session can be included in the project.