The back to basics approach being globally adopted sees all organisations being more prudent about how they manage their information security. ISO27001 required it, Sarbanes Oxley promoted it and COBIT is one way of doing it.
Not only must we justify to our assessors, regulators, auditors or shareholders that our information security risks are appropriately managed, but we must also demonstrate the process applied to support the decisions.
The dns approach utilises the stages recommended by ISO27001 (Risk Assessment, Risk Evaluation, Risk Management and Risk Treatment) with a model designed to combine the best elements of COBIT and other guidance. This model has been successfully applied in many organisation across the UK; organisations which you interact with daily.
The subject of the risk assessment can be related to a process, a strategy, or an individual technology and its granularity will be appropriate to the subject area under review.
dns can assist you through a risk review of your organisation, application or critical service. The dns consultancy team regularly carry out IS risk assessments for a wide variety of organisations. This assessment focuses on the scope of your IT systems including defining assets, defining threats and understanding vulnerabilities.
If you would like more information on our Risk Assessment service please email info@dns.co.uk or phone 0870 085 8555 to speak to one of our advisers.
