Risk analysis forms the basis of a large part of our services. Such analyses are often a required part of certification schemes such as ISO 27001. A risk analysis is also wise when introducing a new system or when migrating to the cloud.
We use various methodologies for these risk analyses. The choice of method depends on the requirements of the customer as well as the context. Frequently used methodologies include ISO 27005, NIST 800-30, A&K (often used by governments) and OCTAVE. The focus of the analysis can be on people, technology or organisation, depending on the requirements of the organisation. The result of the analysis is an overview of all the risks, combined with an indication of the likelihood of each risk actually occurring. We also provide an overview of the potential impact on your organisation when such a risk occurs.
Risk analysis considers not only the technical aspects but also the human factor. Based on possible scenarios, we make an inventory of the risks. These methods are often a good way to test your organisation’s ability to deter cyberattacks and are often combined with a penetration test.