Risk Assessment Solution
The Risk Assessment Solution (RAS) application is a universal tool for risk assessment across various areas of an organization's activities. The application supports the basic stages of the risk assessment process: identification, analysis and evaluation of risks. Based on the evaluation and quantification of risks, the application allows the selection of security measures to reduce risks and minimize the impact of potential threats on assets.
Methodology
The risk assessment methodology is implemented according to the international standard ISO/IEC 27005, which relates to the security of information systems and information security (ISMS). The guidelines used are based on the Decree on Cyber Security (Decree No. 82/2018 Coll.) and other recommendations of the National Cyber and Information Security Agency. Once the catalogues of threats and measures or the metrics are modified, or new ones are created, the selected methodology can be applied in other areas.
Risk Management Process
Functionality overview
Identification and Registration of Assets
Assets Sorting by Type
Asset Valuation
IT Threat Catalogue
IT Measures Catalogue
Threat Evaluation
List of Risks – Threats, Assets and Vulnerabilities Interaction
Inherent and Initial Risk Calculation
Selection of Measures and Their Matching with Risks
Import of Threat Catalogues for Analyzed Area
Import of Measures Catalogues for the Analyzed Area
Risk Coverage by Measures Report
Generation of Applicability Statement
Generation of Risk Management Plan