Risk Assessment is a major component for achieving certification to ISO 27001 Information Security Management, for BS 25999 Business Continuity Management and for UK Government Accreditation. Intact consultants will carry out detailed reviews of security threats and vulnerabilities within your organisation’s systems and examine their potential business impact. These will not only relate to IT but will encompass all sensitive and mission-critical information held within your business.
Risk Assessment considers the likelihood and impact on the business of threats, vulnerabilities and exposures; the value of assets to be protected; and the costs of appropriate countermeasures. Intact consultants will work within the customer’s own risk management system using appropriate risk assessment methodologies.
Our consultants have experience of industry-standard assessment methodologies including CRAMM, historically the UK Government’s preferred methodology, and the new IS1 (HMG Infosec Standards No.1) for risk assessment associated with UK e-Government. We also offer practical spreadsheet-based methods for ISO 27001 implementation and business continuity planning to identify scenarios that could result in high impact to the business. Our methodologies can be adapted and integrated with the customer’s own risk management systems.
Having identified the critical information assets, we will propose effective countermeasures to protect them. These include deterrent controls to reduce the likelihood of attack; detection controls to discover attacks; preventative controls to render attacks unsuccessful; and corrective controls to reduce their impact.