IT Risk Management according to ISO/IEC 27005
Support with the introduction or optimization of IT risk management according to ISO/IEC 27005
A growing threat landscape, technological change and legal requirements demand a well-founded and structured approach to dealing with a company’s IT risks. A corresponding, process-based risk management approach will help you to identify your IT-related risks, to assess them in a comprehensible manner and to counteract them with the necessary measures. The established ISO/IEC 27005 standard forms an important basis for this. Based on our many years of experience and expertise in the field of IT risk management, we help you to establish and optimize your IT risk management.
High IT dependency and numerous IT-related threats challenge companies to identify and minimize their individual IT risks in time. Ultimately, this is only possible by establishing a corresponding management process, known as IT risk management. This process assesses more than the company’s IT environment: its starting point is the company’s business processes and their interaction with information technologies. Once the IT assets and business process requirements have been identified, a comprehensive analysis, evaluation and mitigation of IT risks can be initiated. The well-established ISO/IEC 27001:2011 standard offers suitable instructions and process steps for this, particularly regarding context establishment, risk assessment, risk treatment, risk acceptance, risk reporting and risk monitoring. A process-based handling of IT risks also allows for the derivation of performance indicators and comprehensible reporting.
Based on our long-term practical experience, we support you with the establishment of all required process steps as well as with the assessment of IT risks and the compilation of meaningful risk reporting.
Project-based threat and risk assessments for IT applications and environments
If required, SCHUTZWERK additionally carries out targeted threat and risk assessments on behalf of the client for individual IT applications and defined IT environments which do not require a comprehensive risk management approach.