You are here: Home / Services / Information security risk assessment

Information security risk assessment

Risk assessment and treatment is the basis of ISMS. GlobalTrust will help you to assess information security risks, and to develop risk management procedures, suitable for your organisation.

We also will help you to construct a high-grade control system of risks of informational safety which will allow an organisation manual to accept timely and economically well-founded administrative solutions.

At performance of operations according to informational risks and to implantation of managerial processes by risks in the organisation experts GlobalTrust are guided by positions of British standard BS 7799 Part 3 – "Control systems of informational safety - Practical rules of handle of risks of informational safety", defining processes of an estimation and handle of risks as a control system component организациии, use widespread all over the world methodology OCTAVE developed at university Carnegie-Melon (USA), and also program toolkit «RA2 the art of risk», from developers of standards ISO/IEC 17799/27001.

The estimation of risks includes actions for definition of that what resources and it is necessary to protect from what threats, and also in what those degrees or other resources require protection. The risk is defined by probability of causing of a damage and the value of the damage put to the organisation, in case of realisation of threat of safety. The estimation of risks consists in revealing existing risks and to estimate their value. Procedure of an estimation of risks includes a number of consecutive stages:

  • Tincture of methodology of an estimation under the concrete organisation
  • Choice of a scale of an estimation of risks
  • Estimation of cost of resources, probabilities of threats and vulnerabilities value
  • Definition of admissible level of remainder risks
  • Estimation of risks
  • Preparation of the report by results of an estimation of risks
  • Development of the register of informational risks
  • Decision-making on processing of risks
  • Development of the Schedule of processing of risks
  • Development of the Declaration on applicability
  • Negotiation and presentation of account documents