Risk Assessment

  • Understand project or organisational risk
  • Produce a prioritised set of risks
  • Ensure effective readiness for the risk management process

Risk assessments are a useful business tool to understand the risks to the organisation or a particular project.

The common output, a prioritised list of risks, can be used to drive decisions on how the organisation or project should progress, and is then used as an input into the risk management process. If all of the risks above the organisation’s or project’s risk management tolerance are then properly managed, there is an increased likelihood of success moving forward.

AT-Cyber’s experienced Security and Information Risk Advisors can deliver quantitative or qualitative risk assessments using a variety of either in-house or off-the-shelf methodologies and frameworks to fit with our clients’ requirements, including the use of:

  • NIST SP 800-30
  • CRAMM / CRAMM Express
  • Risk IT / COBIT
  • IRAM
  • ISO 27000 series guidance on risk and management
  • HMG IS1 (now retired)

Through a combination of client workshops, information transfer, observational audits and conducting or viewing the output from technical assessments, our consultants will conduct an extensive review of the organisation or project’s business operations. The assessment will take into account policies, processes, procedures, the legal and regulatory environment and physical and logical security controls.

The output from the assessment shall be a management summary describing the key risks that have been identified, including any root cause analysis, a narrative description of the assessment that was conducted and the resulting set of prioritised risks. Full workings of the risk assessment output can be provided, either in hard or soft copy.