Risk Assessment Solution - ICZ Group

Risk Assessment Solution

The Risk Assessment Solution (RAS) application is a universal tool for risk assessment within various areas of organization’s activities. The application supports basic stages of risk assessment process, which are identification, analysis and evaluation of risks. Based on the evaluation and quantification of risks, the application allows selection of security measures to reduce risks and minimize the impact of potential threats on assets.

Methodology

Risk assessment methodology is implemented according to the international standard ISO/IEC 27005, which relates to security of information systems and information security (ISMS). The guidelines used are based on the Decree on Cyber ​​Security (Decree No. 82/2018 Coll.) and other recommendations of the National Cyber ​​and Information Security Agency. After modification or creation of new catalogues of threats and measures or metrics, the selected methodology is applicable in other areas.

Risk Management Process

Functionality overview

Identification and Registration of Assets
Assets Sorting by Type
Asset Valuation
IT Threat Catalogue
IT Measures Catalogue
Threat Evaluation
List of Risks – Threats, Assets and Vulnerabilities Interaction

Inherent and Initial Risk Calculation
Selection of Measures and their matching with Risks
Import of Threat Catalogues for Analyzed Area
Import of Measures Catalogues for the Analyzed Area
Risk Coverage by Measures Report
Generation of Applicability Statement
Generation of Risk Management Plan