Information risk management

Establishing an information risk management system

Information risk management is today one of the most important elements of information security, and establishing it is a priority for every organization that wants to protect its business. Because threats keep increasing and new technologies keep being introduced, setting up an information risk management system is becoming an increasingly complex task.

Risk is always present, and an organization that is not prepared for it can suffer serious problems and significant losses. Information security risk management is therefore the responsibility of every organization.

There are six basic steps in risk management:

  • Risk identification
  • Assignment of risk owners
  • Risk analysis
  • Risk assessment
  • Risk treatment
  • Risk monitoring and auditing

The goal of risk management is to effectively manage identified risks in a manner appropriate to the type of risk, the organization’s capabilities, and best practices.

What is information risk?

Information risk is the potential that someone or something will exploit vulnerabilities in information resources and harm the organization. Hardware, software, networks, staff, buildings, utilities, etc. are considered information resources that must be continuously protected against intentional threats (e.g. hacker attacks), accidental threats (e.g. employee errors) and natural threats (e.g. a lightning strike). The ISO/IEC 27005:2018 standard provides a methodology for information risk management, but each organization can define its own methodology that corresponds to the way it does business, the scope of the system …

What do you get by setting up an information risk management system?

With the service of establishing an information risk management system, you get:

  • Clear and concise reports demonstrating the security status of the organization in accordance with the ISO/IEC 27001 standard and legal regulations.
  • Advisory services in the identification of information resources, analysis and evaluation, and the establishment of information security controls in accordance with best practices.

Xiphos has extensive international experience in developing, implementing and maintaining information risk management systems in line with best practices. Our consulting methodologies and tools are the result of continuous improvement, research and work with clients. Contact us with confidence!


Copyright © 2020 Xiphos d.o.o.