You are here: Home / About Us / News / Second Version of Information Security Risk Management Methodology by GlobalTrust

Second Version of Information Security Risk Management Methodology by GlobalTrust

GlobalTrust releases the second version of information security risk management methodology represented by sets of GTS 1056, GTS 1057 document templates.

Simple and easy to understand information security risk management methodology is what the modern business needs most of all. Competent risk management allows to stay protected without compromising competitiveness. In 2007, GlobalTrust developed and offered to its customers and partners the first version of its own risk management methodology, fully compliant with the requirements of ISO 27001, ISO 27005 and based on popular risk assessment methods such as CRAMM, OCTAVE and RA2.

Well-known risk assessment methods fully proved their efficiency, but their application is Russian companies is not effective enough for many reasons. The main reasons are great labor intensity of the process, absence of Russian versions, imperfection of model of threats, absence of clear link between the levels of risks and average annual loss, necessity to use expensive software tools with serious functional constraints, etc. This fact resulted in necessity of development of own risk management methodology and a set of GTS 1056 document templates based on it.

GlobalTrust continuously improves its risk management methodology. Based on the results of the projects implemented in 2007-2008, this methodology and the respective documents were significantly modified. Seven new documents were added into the Set:

  1. Register of informational assets
  2. Register of security requirements
  3. Emergency priorities table
  4. Criteria of an estimation of damage
  5. Security audit plan
  6. Risk assessment plan
  7. Risk assessment report

All other documents were fully reviewed and filled in with the data obtained in the course of actual projects! You don’t need to invent anything. You may just supplement and correct the available data.