Risk Management

Appropriate cyber and information security risk management is part of the mandatory agenda of every organisation and business, regardless of size, complexity and industry. Risk management tools enable security roles such as CSOs, CISOs, IT risk managers, security officers or data protection officers to manage the risks within their context and scope and to achieve existing or newly defined security objectives. Our proven experts will support you according to your needs and requirements. We select the appropriate modules and elements from the risk management toolbox and enable you to manage your risks to the extent that is desirable and appropriate for you and your stakeholders.

The five phases of risk management

Risk management takes place in a recurring cycle of five phases:

  1. understanding and validating context and scope
  2. risk assessment planning
  3. performing the risk assessment
  4. developing definitions of actions or a roadmap of actions
  5. implementing the identified measures step by step

Responsibilities, processes and tools need to be defined and implemented for all phases. Depending on the size, complexity and sector of a company, different solutions can be developed or optimised. This cycle can be applied at a strategic, project or operational level. Temet can help you develop the tools or use your existing tools to implement one or more phases of this cycle. We strive to make the process as simple as possible, but as comprehensive as necessary, and to design and implement a solution that specifically meets your expectations and requirements.

Standards, Interfaces and Embedding

Risk management is a central element of an Information Security Management System (ISMS) as defined in the ISO/IEC 27001 standard. The ISO/IEC 27005 standard in the same series describes risk management in detail.

ISO/IEC 31000 is another standard that can be consulted when designing risk management. It is more general and can be applied to a variety of areas, for example to develop, optimise or maintain a specific risk management system for the IT organisation, or to support an appropriate internal control system (ICS) in accordance with the Swiss auditing standard and the Swiss Code of Obligations.

As operational risks, cyber risks are part of enterprise risk management and should always be embedded in the overall risk management of the entire organisation.

Customer benefits

Temet’s experts can assist you in setting up the necessary processes and tools, as well as in the operational implementation of risk management, be it by carrying out general or specific risk analyses or by defining an action plan. By practising risk management in the areas of information security and cybersecurity, risk owners in your organisation or business can demonstrate that you are fulfilling your duty of care to address the relevant risks. Risk management also helps you to establish a certifiable ISMS in accordance with ISO/IEC 27001 and to implement an ICS in accordance with Swiss law.