Risk Assessment Workshop

Understanding the risk landscape of your business is integral to developing strategies to mitigate your exposure to internal and external threats. Taking a risk-based approach is also key to complying with the General Data Protection Regulation and is a cornerstone of building an ISO 27001-compliant information security management system.

A facilitated workshop will help you identify, document and prioritise information security risks as well as consider and discuss potential risk treatment options.

Topics addressed:

  • Organisational context
  • Risk Identification
    • Assets and business processes
    • Threats
    • Existing security measures and controls
    • Vulnerabilities
    • Impact assessment
  • Risk Analysis
    • Quantitative
    • Qualitative
    • Likelihood and consequences
  • Risk Evaluation
  • Risk Treatment options/strategies
    • Risk modification
    • Risk retention
    • Risk avoidance
    • Risk sharing
  • Residual risk
  • Risk Register

During the workshop, we'll note appropriate controls and measures relevant to your organisation and include them as recommendations in our final delivery of the compiled Risk Register and supporting report. The controls will be based on your business context and goals, risk appetite and the risk assessment itself.

Risk Register

The primary output of the risk assessment workshop will be the risk register. This is the repository where you keep track of all identified risks and other relevant information such as the information asset owner, priority, impact, risk treatment methods and current treatment status. It is a living document and needs to be kept up to date as you action existing risks and identify new ones.


Areas examined:

  • Security policy
  • Organisation of information security
  • Asset management
  • Human resource security
  • Physical and environmental security
  • Communication and operations security
  • Access control
  • Information system acquisition, development and maintenance
  • Information security incident management
  • Business continuity management
  • Regulatory compliance

Company Info
CYWebDev Ltd
6 - 9 Trinity Street
Dublin 2

Registered in Ireland
Company number: 586213
