Back to Service Library
Service Catalog / Strategic Advisory & Professional Services / Compliance Readiness / ISO 27001 – Asset Gathering & Risk Assessment
157ISOAGRA Base

ISO 27001 – Asset Gathering & Risk Assessment

On this page

    Service Overview

    In a world where new threats and vulnerabilities emerge constantly, new regulations and industry best practices are published, developing an effective cybersecurity program is of the utmost importance. In order for any business to prioritize cybersecurity investment and build a defensible cybersecurity program, a risk assessment must be performed to identify and understand organizational risk.

    This Risk Assessment will provide a comprehensive evaluation of your organization, provide a clear view of its top risks, and detailed recommendations for effectively mitigating those risks so that you can best align budget and resources where they are most valuable.


    This Statement of Work identifies the objectives, scope, methodology, deliverables, client requirements, and assumptions for all work to be completed by DeepSeas.

    Objectives

    The objectives of this initiative are as follows:

    1. Identify and prioritize cybersecurity risks in the environment.
    2. Support protection of critical assets.
    3. Support compliance with legal, contractual, and regulatory requirements.
    4. Quantify findings so that they are universally understood and easily communicated.
    5. Develop a prioritized list of top risks and an actionable plan for risk mitigation.

    Methodology

    This Risk Assessment project consists of the following phases:

    1. INTERVIEW SCHEDULE
      1. The client will identify the departments and stakeholders required to attend interview sessions and a risk workshop by completing the interview schedule provided by DeepSeas.
    2. ASSET INVENTORY DEVELOPMENT
      1. The client will develop an asset inventory with associated risk profiles to conduct the risk assessment. DeepSeas will consult on mapping assets to the risk workbook and the creation of risk profiles.
    3. RISK WORKSHOP
      1. DeepSeas to conduct a risk workshop with ISMS Manager & risk owners, as defined in the interview schedule, to evaluate vulnerabilities and quantify risks for all asset categories.
      2. Each vulnerability/weakness will be assessed on:
        1. Likelihood of a measurable event occurring from vulnerability exploit
        2. Potential Impacts from vulnerability exploit
        3. Vulnerability/weaknesses will be prioritized based on risk to the organization.
    4. DOCUMENTATION
      1. DeepSeas will develop a formal Risk Assessment Report.
    5. PRESENTATION
      1. DeepSeas will schedule a call with the Client to review all deliverables as part of the engagement.

    Deliverables

    DeepSeas will produce the following deliverables:

    1. RISK ASSESSMENT REPORT - DeepSeas will deliver a risk assessment report with details pertinent to identified risks and the recommendations for remediation.