Understanding the risk landscape of your business is integral to developing strategies to mitigate your exposure to internal and external threats.
Taking a risk-based approach is also key to complying with the General Data Protection Regulation and is a cornerstone of building an ISO 27001-compliant information security management system.
A facilitated workshop will help you identify, document and prioritise information security risks as well as consider and discuss potential risk treatment options.
During the workshop, we'll make notes of appropriate controls and measures relevant to your organisation and include them as recommendations in our final delivery of the compiled Risk Register and supporting report. The controls will be based on your business context and goals, risk appetite and the risk assessment itself.
The primary output of the risk assessment workshop will be the risk register. This is the repository where you keep track of all identified risks and other relevant information such as the information asset owner, priority, impact, risk treatment methods and current treatment status. It is a living document and needs to be kept up to date as you action existing risks and identify new ones.