Overall risk assessment

Identification of core values and definition of adverse events.

An overall risk assessment identifies a company's core values and defines the undesirable events, referred to as top events, that could have critical consequences for it. The company's threats and vulnerabilities are mapped, and specific measures are proposed to reduce risk. The measures target the root causes of the identified vulnerabilities rather than prescribing a separate countermeasure for each individual vulnerability. An overall risk assessment is based on meetings, workshops and a review of existing documentation.

Netsecurity's method for overall risk assessment is based on recognized standards such as ISO/IEC 27005 and ISO 31000. The measures presented in the overall risk assessment can, for example, be mapped to ISO/IEC 27001 controls or to NSM's Basic Principles for ICT Security.

The service is tailored to each company so that it gains a better understanding of its own threat landscape and current situation, an overview of the vulnerabilities that can be exploited today, and a set of measures that can be implemented to carry the cyber security work forward.

An overall risk assessment is a tool that creates a clearer shared understanding of which cyber security incidents can affect the business, and of what consequences they could have.

Carrying out an overall risk assessment involves planning meetings and workshops to map, assess and analyze risks. Netsecurity facilitates the workshops and performs the risk analysis based on the information gathered. The project plan may include, but is not limited to:

  • Kick-off meeting
  • Workshop with management
  • Risk workshop
  • Meetings and interviews with relevant personnel
  • Site survey and physical workshop

The results are delivered and presented as a report containing the top events, a threat assessment, the identified vulnerabilities and the recommended measures. The report is written for senior management and the board of directors, giving them a basis for deciding which areas are already adequately handled and which require further attention to bring the business within an acceptable level of risk.

Related services from strategic consulting

Vulnerability scanning

Phishing response

Strategic advice