IRM – INFORMATION RISK MANAGEMENT

The information risk management (IRM) process is the initial framework for a systematic approach to information security. It usually includes the identification and assessment of assets and risks, the design of security measures, cost/benefit analysis, and the implementation of selected measures, including subsequent verification of their effectiveness. During the process we use the company’s methodology, which divides the solution into phases known from the classic life cycle of an information system. At the same time, the methodology is flexible enough to respect the existing state of security solutions, the nature of the information system, corporate culture and other restrictive conditions.

RISK MANAGEMENT IN PRACTICE

Information risk management services use our own methodology, which is based on generally accepted industry standards and methods adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions.

INFORMATION SECURITY STRATEGY

The absence of an information security strategy is one of the causes of unsystematic security solutions. It also weakens the effectiveness of managerial practices – planning, management and control.

REQUIREMENTS ON INFORMATION SECURITY

There is often a significant gap between the proclaimed principles and the actual situation. The first step in bridging this gap is to define technical and non-technical information security requirements.

INFORMATION SECURITY SOLUTION DESIGN

Effective system security design requires knowledge of the technologies used, specialized security products, the ability to interpret the requirements of specific technologies and experience with problems in system operation.

VULNERABILITY TESTING

Vulnerability testing detects vulnerabilities by scanning for hardware and software patches, or by using penetration testing to verify whether vulnerabilities permit intrusion into an organization’s assets or unauthorized activity.

HOW CAN WE HELP YOU?

When managing information risks, we rely on an analysis of the general aspects of the company’s business activities that affect information security, define the essential parameters valid in this area, and recommend an adequate procedure for the further solution of the security program.

IRM IMPLEMENTATION

In the area of risk management, we follow long-established methodological principles and practices. The risk management process we set up is in accordance with the following standards and legal requirements:

ISO/IEC 27005 Information technology – Security techniques – Information security risk management
ISO/IEC 27002 Information technology – Security techniques – Code of practice for information security controls
ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements
Act No. 181/2014 Coll. on cyber security
Decree No. 82/2018 Coll. on cyber security

When defining security requirements, we follow our own methodology, which is based on the ISO/IEC 27001 standard and the RAMSES methodology adapted for use in local conditions. The methodology was developed on the basis of our experience with the overall solution of information security in a number of commercial companies and public institutions. We base our work on a security strategy.

Our consultants will suggest a way to make more secure use of existing IT resources, design additional specialized security products, and specify the organizational measures that are a prerequisite for the secure operation of the system.

IMPLEMENTED: 60
RECOMMENDED: 15
NOT APPLICABLE: 20
ACCEPT RISK: 5

TOOL FOR INFORMATION RISK MANAGEMENT

RAMSES or Risk Analysis and Management System for Enhanced Security has been developed by our company since 2005 and is primarily designed for risk management. The methodology used by the RAMSES tool is fully in accordance with the requirements of the ISO / IEC 27001 standard. on cyber security or GDPR.

IRM TRAINING

IS risk analysis plays an irreplaceable role in a systematic approach to solving problem areas of the organization’s information system. At present, when many organizations feel the need to address the security of their information system, risk analysis helps determine the significance and impact of possible IS security issues on the organization.

The training program prepared by our specialists offers participants a way to gain the knowledge and experience needed to perform risk analysis and to use risk analysis to ensure the security of IS in the organization.

Would you like more information? Don’t hesitate to contact us!
