When it comes to cybersecurity you can’t take an arbitrary approach, especially if your organization provides essential services or is a part of the critical infrastructure. We at AISEC believe, that a risk management approach helps to provide the minimum of security measures that need to be applied to achieve a sufficient level of security.
It all starts with the risk assessment that is performed by our senior auditors. We are using the international standards of ISO31000 / ISO27000 / ASIS families that help identifying the risks. After analyzing and evaluating risks are prioritized and a risk driven prevention / mitigation plans are shared with our Clients and formalized for approval to the Board. Since the security risk management is a continual process we always include procedures aimed at monitoring the risks to make sure they are maintained at an acceptable level while dealing with any change over the time.
This supports the creation of the security master plan for an organization, which outlines the future tasks when achieving the desired level of the security and protection of our Clients’ assets (both tangible and intangible). Our approach helps defining the most important activities that will mitigate the most critical risks in the cost-effective way. The security master plan respects the current state of risks in the organization and evaluates how they change while the remediation steps are taken.
AISEC SA is a security advisory company part of AICOM group.