Connected with trust

D. Trust
Certifikačná Autorita a.s.



Risk analysis

We offer the performance of a risk analysis, including subsequent activities and easy repetition thanks to an electronic model. The analysis can be carried out according to the internationally recognized CRAMM method, with integrated support for the ČSN ISO/IEC 2700x standards, or according to your own method. In compliance with ČSN ISO/IEC 27005, the CRAMM method allows a combined approach, i.e. a basic analysis followed by a detailed analysis, based on the results of the basic analysis, of the systems important for the activities of the organization.

The risk analysis and definition of adequate security measures to manage the risks includes:

  • definition of the extent and the level of detail of the risk analysis,
  • ascertainment and assessment of assets,
  • preparation of a model of services provided by the analyzed ICT system,
  • definition of the extent of threats and vulnerabilities,
  • calculation of the level of risk for individual threats and their effects,
  • generation of a set of adequate security measures from the database of the applied tool, or use of different sources,
  • preparation of a final report on the risk analysis containing explanations, conclusions and a set of security measures,
  • handover of an electronic model of the analysis.

The following may be prepared as subsequent outputs: 

  • Derivation and framework of an emergency plan (for emergency planning),
  • Definition of the method of risk management (ISMS),
  • Selection of objectives of measures and individual security measures (ISMS),
  • Statement of applicability (ISMS),
  • Preparation of a security policy tailored to the client’s requirements,
  • Ascertainment of the status of implementation of security measures, and subsequent determination of: 
    • the level of compliance with the requirements of the ČSN ISO/IEC 27001 standard,
    • the efficiency of the security measures (maturity) – ČSN ISO/IEC 21827,
    • residual risk – ČSN ISO/IEC 27001 and 27005.
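
To make the combined approach and the residual-risk output concrete, here is an added Python example (not D. Trust's tooling and not the CRAMM scoring tables): a basic pass ranks assets by value and only the important ones go through the detailed pass, which computes a risk level per threat and the residual risk after the selected measures. The 1 to 5 scales, the risk banding, the measure catalogue and the sample assets are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Scenario:
    asset: str
    threat: str
    likelihood: int     # 1..5, how likely the threat is to act
    vulnerability: int  # 1..5, how exposed the asset is to that threat
    measures: list = field(default_factory=list)  # ids from MEASURE_CATALOG

# Constructed catalogue of measures: id -> (factor it reduces, points removed).
MEASURE_CATALOG = {"patching": ("vulnerability", 2), "mfa": ("vulnerability", 2),
                   "network-segmentation": ("likelihood", 1)}

def risk_level(value, likelihood, vulnerability):
    """Map asset value x likelihood x vulnerability (1..125) onto a 1..5 risk band."""
    return (value * likelihood * vulnerability + 24) // 25

def basic_analysis(asset_values, threshold=4):
    """Basic pass: only assets valued at or above the threshold get a detailed analysis."""
    return [name for name, value in asset_values.items() if value >= threshold]

def detailed_analysis(asset_values, scenarios, catalog=MEASURE_CATALOG):
    """Detailed pass: inherent and residual risk level per threat on the important assets."""
    important = set(basic_analysis(asset_values))
    rows = []
    for s in scenarios:
        if s.asset not in important:
            continue  # outside the detailed analysis; baseline measures only
        like, vuln = s.likelihood, s.vulnerability
        for factor, cut in (catalog[m] for m in s.measures):
            if factor == "likelihood":
                like = max(1, like - cut)
            else:
                vuln = max(1, vuln - cut)
        value = asset_values[s.asset]
        rows.append({"asset": s.asset, "threat": s.threat,
                     "inherent": risk_level(value, s.likelihood, s.vulnerability),
                     "residual": risk_level(value, like, vuln)})
    return rows

ASSETS = {"customer-db": 5, "intranet-wiki": 2}  # constructed sample input
SCENARIOS = [
    Scenario("customer-db", "exploitation of unpatched service", 4, 5,
             ["patching", "network-segmentation"]),
    Scenario("customer-db", "credential theft", 3, 4, ["mfa"]),
    Scenario("intranet-wiki", "defacement", 3, 3),
]
for row in detailed_analysis(ASSETS, SCENARIOS):
    print(row)
```

Re-running the detailed pass with updated measure lists is the "easy subsequent repetition" the electronic model is meant to give; the low-value wiki stays out of the detailed pass because the basic pass did not flag it.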

Registration authorities