Our further service: IT and business risk analysis
Within the usual risk analysis, the organization assesses its threats, the estimated effects of these threats and the probability of their occurrence. The risks identified can be both IT and non-IT (business, reputation, etc.). However, by identifying the risks the controls have not been evaluated yet, so the risk must be reduced. Controls that reduce the impact of the risk and/or the likelihood of its occurrence are evaluated. When evaluating the effectiveness of controls, we obtain residual risk. Aware of the residual risk the organization must decide whether to accept or reduce it by applying additional controls, possibly transferring its effects (eg through insurance). Finally, you can eliminate the risk itself by eliminating the root cause.