To ensure that the cyber security controls your organisation has chosen are appropriate to the risks it faces, a risk assessment should be carried out. This risk assessment consists of identifying, analysing and evaluating risk.
If your organisation does not have a risk assessment to inform your cyber security controls, you may be wasting time, effort and resources, as you could be protecting yourself against events that are unlikely to occur or will have little impact on your organisation.
As well as preparing for unlikely risks, your organisation could also overlook other risks. Data breaches are common, even among businesses that do not consider cyber security a priority.
Organisations that are starting out with an information security programme often turn to spreadsheets when tackling risk assessments, as they seem to be cost–effective. A risk assessment is complicated and multi-dimensional and using a spreadsheet leaves a lot of room for error and inconsistencies, as well as being very time consuming.
Risk assessment tools must be able to take account of a variety of elements, such as assets, threats, controls, vulnerabilities and the likelihood and impact of risks. They must also be able to facilitate reports and analysis.
vsRisk™ is an information security risk assessment software tool created by industry-leading ISO 27001 experts. With this tool, your risk assessment procedure will be as simple as choosing a few options and clicking a few buttons.
With more than ten years of development, vsRisk is a database-driven solution for conducting an asset-based or scenario-based information security risk assessment. It is proven to simplify and speed up the risk assessment process by reducing its complexity and cutting associated costs.
The vsRisk database includes a sample risk assessment that can be used as a template for your organisation’s own projects, reducing even more time and effort.
When setting up vsRisk, users can set their risk assessment criteria and adjust the scales to measure the likelihood and impact of potential risks. You will then be guided through the risk assessment process by the wizard. You can identify risks by selection assets, threats and vulnerabilities, recording how you would respond to each risk and applying the controls needed to reduce the risk.
Using vsRisk can save 80% of the time currently spent on your risk assessments, as well as giving you auditable results year after year. It also takes human error out of the equation, producing simple, fast, accurate and hassle-free risk assessments.
With this tool you can meet the ISO 27001 requirements for consistent, valid and comparable results, and export, edit and share reports across the business and with auditors.
It also includes a set of policies and procedures for compliance with ISO 27001:2013, as well as an interactive dashboard that provides a quick summary of the risk assessment and the progress made.