Getting the Balance Right

URM's Risk Management Methodology

Risk assessment is the only way for senior managers to ensure that controls are cost effective and appropriate.

In many market sectors, senior management is required to adopt a formal risk strategy that can be demonstrated to stakeholders, regulators, legislators and business partners. Such a strategy must embrace both risk management and risk acceptance, based on an agreed corporate risk appetite.

A risk assessment will require the involvement of a wide range of individuals - typically business representatives, IT specialists, Human Resources and legal professionals, and facilities management. The review will include an assessment of controls already in place. The stages of the risk assessment process will include:

Scope: the identification of the information assets, together with their owners, to be reviewed.

Business impact: an analysis of the quantifiable potential losses that might result from a breach of security.

Threat assessment: a review of the organisation's vulnerability to a range of threat types that could cause business damage, and of the likelihood of those threats manifesting themselves.

Risk identification and quantification: the combination of business impact and threat assessment to identify and quantify specific areas of risk, especially those requiring the application of further security controls.

Controls selection: based on the previous stage, management's selection, from a list of candidate controls, of those they wish to implement in order to lower residual risk to a level that is deemed acceptable.
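The five stages above carried through as a small risk register, as an added worked example rather than URM's own tool or code; the 1 to 5 scoring scale, the risk appetite threshold and every asset, threat and control below are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Asset:          # Stage 1, Scope: asset and its owner
    name: str
    owner: str
    impact: int       # Stage 2, Business impact: loss on breach, 1 (low) to 5 (severe)

@dataclass
class Threat:         # Stage 3, Threat assessment
    name: str
    asset: str        # the asset this threat acts on
    likelihood: int   # 1 (rare) to 5 (almost certain)

@dataclass
class Control:        # candidate control offered to management in Stage 5
    name: str
    threat: str       # the threat whose likelihood it reduces
    reduction: int    # points removed from the threat's likelihood
    cost: int         # relative cost, used to order candidates

RISK_APPETITE = 8     # assumed: highest residual score management will accept

# Constructed sample data for a fictitious company.
ASSETS = [Asset("customer database", "Head of Sales", 5),
          Asset("marketing brochure", "Marketing Manager", 1)]
THREATS = [Threat("ransomware", "customer database", 4),
           Threat("web defacement", "marketing brochure", 3)]
CONTROLS = [Control("offline backups", "ransomware", 2, 3),
            Control("endpoint protection", "ransomware", 1, 5),
            Control("web application firewall", "web defacement", 1, 2)]

def assess(assets, threats):
    """Stage 4: risk score = business impact x threat likelihood, per threat."""
    impact = {a.name: a.impact for a in assets}
    return {t.name: impact[t.asset] * t.likelihood for t in threats}

def select_controls(assets, threats, controls, appetite=RISK_APPETITE):
    """Stage 5: apply the cheapest candidate controls to each threat until
    its residual risk is within appetite; threats already within appetite
    receive no controls. Returns (chosen control names, residual scores)."""
    impact = {a.name: a.impact for a in assets}
    chosen, residual = [], {}
    for t in threats:
        likelihood = t.likelihood
        for c in sorted((c for c in controls if c.threat == t.name), key=lambda c: c.cost):
            if impact[t.asset] * likelihood <= appetite:
                break
            likelihood = max(1, likelihood - c.reduction)
            chosen.append(c.name)
        residual[t.name] = impact[t.asset] * likelihood
    return chosen, residual
```

With the sample data, ransomware scores 20 and needs both of its controls to fall to a residual of 5, while web defacement scores 3 and receives no control.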

Benefits of engaging with URM

Those customers who have experienced URM's Risk Management methodology have benefitted in a number of different ways, including:

  • budgetary savings resulting from a better understanding of control requirements;
  • the identification of previously unrecognised risks that posed a major obstacle to achieving business objectives;
  • expeditious compliance with corporate governance requirements in readiness for SOX audits;
  • greater synergy between the business and IT; and
  • more effective audits by internal and external auditors.

Copyright © Ultima Risk Management, 2008. All Rights Reserved.