What is a Risk Assessment Survey?
The purpose of this survey is to help the organization focus on protecting itself against relevant cyber threats.
The operation is performed by highly skilled specialists with extensive professional training and knowledge who serve as data security consultants. Our consultants hold international certifications such as CISSP and CISM; They have CISO diplomas and regularly undergo further training
The risk assessments world is roughly divided into two:
GRC
GRC (Governance, Risk management and Compliance) focuses on regulatory requirements, such as HIPPA, ISO 27001 standardization and legislation like The Privacy Protection Law and GDPR. In the professional language, it is called “soft spots” since the emphasis is on policies, procedures and audits rather than de facto settings.
Technological
Technological surveys focus on technical aspects. For example, evaluating the security level of critical systems in the organization, on-premise/cloud data-security-strategy-analysis, server hardening services, and organizational system mapping – to identify malfunctions.
Examples of survey types:
| survey type | explanation |
| Industrial Systems Survey | also known as OT, SCADA, or ICS: The survey’s objective is to map all controllers, MES environment software, and the communication between the various components and the IT system. |
| Cloud Systems Survey | Planning a network topology and data security architecture for Cloud Systems is fundamentally different from an On-Premise computing environment. The survey’s objective is to understand how the information flows, how it is stored and how to access it. |
| Risk Assessment Survey | Aims at providing the client with a situation report of critical threats to the organization, showing the existing gaps between the current state and the ideal state in terms of data security. Within the scope of that survey, several departments in the organization, like finances, HR and operations, must undergo professional evaluation, after which the organization’s data security should be profoundly analyzed. Here, the emphasis is not merely on the technological aspect but also on the gap, if it exists, between the current systems and relevant cyber threats to the organization. Sometimes, the survey specifically targets several cross-organizational business processes. |
| Data privacy Risk Assessment Survey | Examines the level of information security of all computer systems that store data and are used by the database, as well as compliance with legal requirements. |
| Qualification for ISO 27001 | That standard regulates how information security is managed in an organization. Its objective is to ensure proper management of information in the organization. |
| GDPR | Examining the organization from the legal and information security aspects. For example, Inspecting the company’s computer infrastructure and information systems where personal information is processed to ensure they are protected and secured as required. |
| HIPAA | Surveying the risks in the organization while assessing threat levels and mitigating them. For example: Examining the system’s applicative and infrastructural interfaces which contain medical information, Reviewing work procedures, the level of separation between client identification data and client medical records (EPHI). |
