Set of methodologies aimed at quantitatively and qualitatively assessing the threats a system may be exposed to, establishing and collaborating in the articulation of the actions necessary to reduce the impact of existing risks.
Within this section, we can distinguish the following services:
Identify, evaluate and manage the main risks and threats considering the main assets of IT processes in terms of technologies, procedures and people involved in them. Our analysis is based on specific methodologies such as Magerit and Octave.
BUSINESS CONTINUITY PLAN
Assess the impact that risks can have on business processes and define optimized response solutions and procedures that enable organizations to operate in the face of any disaster scenario. BS 25999: Design, develop and implement a business continuity management (BCM) model based on BS: 25999, guaranteeing operational effectiveness and regulatory compliance.
Identify, prioritize and budget the different security initiatives as well as the definition of the Organization’s strategic security framework based on standards such as ISO 27001.
Once the risks have been identified and evaluated, we carry out actions to manage the main risks detected and the threats derived from them.
The management models allow us to reach a stage of advanced maturity of Information Security, through the process of continuous improvement, called PDCA (Plan – Do – Check – Act). Information security management systems can be certified under ISO / IEC 27001: 2005.