Risk analysis based on ISO 27005 in RSA Archer®
The new edition of the international standard ISO 27005:2018 (ISO/IEC 27005) contains guidelines on Information Security Risk Management, which support all types of organizations that intend to manage risks that could threaten information security in business.
An organization that decides to implement an Information Security Management System (ISMS) and certify it through accredited certification bodies must ensure that the system complies with the requirements of risk analysis and assessment standards in the field of information security.
Given the amount and scale of the data being analyzed, using appropriate support software becomes unavoidable.
To fully understand and implement ISO 27005:2018, it is necessary to know the assumptions, models and processes of risk management and information security.
Owing to their high competence and many years of experience in the GRC area, our consultants have been invited to cooperate in implementing the information security management process, with the support of the RSA Archer® system, which is fully capable of analyzing such a wide range of data.
As part of the project, our consultants conducted dedicated workshops with the client and developed the system implementation and configuration blueprint in accordance with the required risk assessment methodology in the field of information security, which were then applied in practice when conducting the IT risk assessment process in the organization.