Active Audit Agency

т: +38(044) 228-15-88



Information risk management

What is it?

Information risk management is the process of detecting, analyzing and reducing IT risks that may affect, or have already affected, a company's information system. The main task of risk management is based on a set of measures (controls) that reduce the risk level to an acceptable value.


Why do you need this?

Information technologies tremendously increase business possibilities. But new possibilities are inevitably connected to new threats, which may lead to financial and other losses for the company.

The modern business landscape in Ukraine is flooded with floating information security risks. To stay competitive on the market, you need to implement economically grounded measures for valuable information assets. The increasing number of computer crimes, tough requirements from legislation and regulators, and the growing dependency of business on IT systems continuity are only part of the list of problems most businesses are facing at the moment.

The risk management process will allow you to detect and minimize information risks and will give your company several advantages:

  • Increase the competitiveness and security of your business in an aggressive dynamic risk environment;
  • Optimize the expenses on information and physical security;
  • A clear definition of what valuable assets shall be protected and how;
  • Understand the current level of protection and define the appropriate one;
  • Management can make proper strategic decisions, based on actual risks;
  • Security functions can be integrated into all information flows inside the company.

How do we implement the process of risk assessment?

We propose the following stages:

  1. Initiate the process of information risk management;
  2. Identify information assets and their value;
  3. Identify threats and vulnerabilities to information security;
  4. Evaluate and analyze the risks;
  5. Plan the means and methods to minimize information risks;
  6. Control measures implementation;
  7. IT risks monitoring and control.

The deliverables:

  • A ready-to-use risk assessment process;
  • Risk management tools;
  • Complete list of valued information assets;
  • List and likelihood of the real threats to your IT infrastructure and the entire entity;
  • List of information risks with classification;
  • Recommendations for further risk management.