Good cyber risk management reduces the impact of cyber incidents


Cyber Risk Management

The cyber risk management process is an essential part of an organisation’s or project’s approach to properly handling risk. The organisation must identify its business critical information assets across its entire infrastructure if it is to capture and manage risks accordingly. This includes processing activities, storage repositories, access controls, how information is shared and how information is securely disposed of once no longer needed. Once this has been established and documented, appropriate and pragmatic controls can be applied to mitigate the identified risk to a level acceptable to the risk appetite of the organisation.

  • Understand and document the organisational or project risk appetite
  • Effectively manage risks moving forward
  • Reduce the likelihood and impact of risks to the business and the associated costs involved

Once the information asset identification process is complete, its common output, a prioritised list of risks, can be used to drive decisions on how the organisation or project should progress and serves as an input into the risk management process. If all of the risks above the organisation’s or project’s risk tolerance are then properly managed, there is an increased likelihood of success moving forward.

Prism Infosec’s experienced security and information risk advisors apply cyber risk management techniques to deliver quantitative or qualitative risk assessments, using a variety of in-house or off-the-shelf methodologies and frameworks to fit our clients’ requirements, including:

  • NIST SP 800-30
  • CRAMM / CRAMM Express
  • Risk IT / COBIT
  • IRAM
  • ISO 27000 series guidance on risk and management
  • HMG IS1 (now retired)

Through a combination of client workshops, information transfer, observational audits and conducting or reviewing the output of technical assessments, our consultants will conduct an extensive review of the organisation’s or project’s business operations. The assessment will take into account policies, processes, procedures, the legal and regulatory environment, and physical and logical security controls.

The output from the assessment shall be a management summary describing the key risks that have been identified, including any root cause analysis, a narrative description of the assessment that was conducted and a set of prioritised risks. Full workings of the risk assessment can be provided, in either hard or soft copy.

Email Prism Infosec, complete our Contact Us form or call us on 01242 652100 and ask for Sales to set up an initial discussion.
