Professional risk assessment enables balanced expenditure on controls


Ely, England, 23 January 2012 – Risk assessment is critical for the cyber security of any organisation’s information assets. It plays an essential role in ensuring their confidentiality, integrity and availability (CIA). Most organisations know they should conduct a risk assessment, identify the threats to their business and put in place adequate risk management controls. However, many of them are unsure how to do it.

Alan Calder, CEO of IT Governance, says, “Having consulted many clients on information security issues, we have observed that most of them don’t manage risk effectively. They need to develop adequate risk management processes and policies in order to protect themselves from risks. The controls they put in place need to be based on informed assessment and their effectiveness needs to be measured.”

“It is important that when risk assessment is being undertaken no risk is left unexplored,” continues Calder. “Risk assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures.”

IT Governance Ltd, the global leader in information security products and services, has developed a risk assessment tool, vsRisk, that automates and accelerates the risk assessment process. It enables project managers to monitor the day-to-day execution and management of the controls and to generate reports for audit purposes. Customers who order a copy of vsRisk before 31 January 2012 will receive 15% off all training courses from IT Governance.

Uniquely, vsRisk can assess the confidentiality, integrity and availability for each of the business, legal and contractual aspects of information assets, as required by the ISO 27001 standard. The tool can serve as a day-to-day operational tool, showing at a glance where an organisation stands in its progress towards ISO 27001 compliance. A free trial version can be requested here

vsRisk offers an in-built audit trail, comparative history, comprehensive reporting and gap analysis that radically reduce the manual record keeping traditionally associated with risk assessments. The tool minimises the need for specialist knowledge and significantly undercuts the cost of generalist risk management tools, thus making ISO 27001 compliance achievable for a far wider range of organisations and professionals.

As well as supporting ISO/IEC 27001:2005 and ISO/IEC 27002, vsRisk v1.5 complies with BS7799-3:2006, ISO/IEC 27005, NIST SP 800-30 and the UK’s Risk Assessment Standard.

vsRisk is produced by Vigilant Software, the specialist software subsidiary of IT Governance and can be purchased online from
