Security Risk Assessment

CISO AG will review your organisation's security goals and conduct a risk assessment to inform your cybersecurity choices. By understanding information security risk and the impact it may have on an organisation, CISO AG's consultants set the foundation for a formalised IT risk management programme.

Security Risk Assessment

Risk management is the ongoing process of identifying, assessing, and responding to risk. A risk assessment is the first step in that cycle: it provides insight into the effectiveness of your security posture and acts as a baseline for developing policies and control decisions.

Security risk assessment is achieved through the following processes:

  • Identifying your most critical information systems, and mapping out critical data flows
  • Identifying all ‘interested parties’ that may access or process your sensitive data on site
  • Identifying all relevant third parties that process critical data, and prioritising them based on risk
  • Identifying the boundaries between systems under your control and those under third-party control or access
  • Creating a process for supplier on-boarding, incorporating checks for compliance against your policies and against your organisation’s risk appetite
  • Ensuring all existing third parties have contracts with appropriate clauses, SLAs and penalties
  • Ensuring data breach obligations are embedded and tested, along with your internal team’s awareness and participation (including your public relations team)
  • Enforcing contractual obligations through audit and supplier performance reviews
  • Using world-class tools to give your most critical suppliers an ongoing technical risk assessment
  • Incorporating assessment feedback into a continuous improvement process for your supply chain
  • Escalating major risks to Procurement, to help your organisation steer clear of dangerous waters


Cost Efficient Model

This service is a cost-effective model that can be scaled – both in length and scope – to meet the specific and unique security needs and risk appetite of the client. Through this package our clients can focus on their core business activities, whilst being assured that their information assets are available, effective and safe.

Payment Card Security

Beyond baselining an organisation’s security posture, information security risk assessments are also the first requirement outlined in US federal regulations such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).

The Payment Card Industry Data Security Standard (PCI DSS) also requires merchants of all sizes to perform due diligence in assessing risk in their technology operations. Risk assessment is also a requirement under the GDPR.

  • Tangible and Intangible
  • People
  • Process
  • Technology
  • Environmental
  • Human
  • Social
  • Internal & External
  • Are we doing the right things?
  • Are we doing them the right way?
  • Are we getting them done well?
  • Are we getting the benefits?
  • Business Impact Analysis
  • Quantitative & Qualitative Analysis
  • Probability and Impact Assessment
  • Risk Prioritization
  • An Individual, not a team or department