Riskilience

Information Security

Information Security Management and ISMS

RISKILIENCE, a pioneer in the field of ISO-2700x management standards, can help you set up your Information Security Management System (ISMS). We define, according to your own constraints, the organization, policies and procedures that will guarantee the monitoring and continuous improvement of your IS security.

ISO 27001 certification support

RISKILIENCE can help you achieve ISO 27001 certification for your organization or part of your systems:

ISO 27001 inventory (assessment of outstanding work)
Definition of compliance action plan
Production of supporting documentation (ISMS policy, entire ISMS documentation repository, risk analysis and management, Statement of Applicability, staff training, etc.)
Implementation support and initial PDCA exercises

Risk analysis and management

RISKILIENCE can help you implement your risk management process in accordance with the ISO 27005 standard. A systematic approach to information security risk management is necessary to implement appropriate and proportionate means of protection. We therefore offer an approach tailored to our customers’ environment and aligned with their general risk management approach.

Risk analysis

Our risk analysis approach complies with the ISO-27005 standard and is adapted from the EBIOS 2010 and MEHARI methods.
The background study is based on interviews conducted with managers during the launch phase.
The expression of needs is carried out in collaboration with representatives of the business, users, project managers and project management teams.
Threats are studied and risk scenarios drawn up on the basis of interviews or the results of technical or non-technical audits.
Security objectives are recommended for dealing with the main risks, and the results of the study can be incorporated into a master plan, for example.

Risk management

The aim of the risk management strategy is to ensure that the action plan is defined within a controlled process, as presented in the ISO-27005 standard. The risk management strategy informs the decision to treat, transfer, refuse or accept risks, based not only on the level of risk, but also on the operational, technical, organizational and financial acceptability of the measures to be implemented.
We propose an action plan with a timetable that takes these different criteria into account, and action sheets for each risk for which the decision to treat has been taken.
The risk mapping is consolidated, then maintained and fed into the risk management process.

ISO 27001 certification support

RISKILIENCE can help you decide on the direction to take in terms of security, and support you in implementing action plans and master plans. In this context, the ISSP (Information System Security Policy) is part of the organization’s strategic vision, and reflects a strong commitment on the part of senior management.

RISKILIENCE can help you define and communicate an enforceable, controllable, applied and monitored security policy.