Cyber Security Risk Assessments (10 Steps to Cyber Security)

On this page

Why carry out a cyber security risk assessment?
What does a cyber security risk assessment include?
Why use IT Governance?
How much will it cost?

Why carry out a cyber security risk assessment?

Today’s attacks are multi-level and multi-channel by default. According to UK Government research, 74% of small firms in the UK experienced a cyber security breach last year, and 90% of large firms were also targeted. Some incidents caused millions in damages.

A cyber security risk assessment is necessary to identify the gaps in your organisation’s critical risk areas and to determine actions to close those gaps. It will also ensure that you invest time and money in the right areas and do not waste resources.

HMG’s Ten Steps Approach

Our risk assessment takes into account the government's cyber security guidance for business (published by the Department for Business, Innovation & Skills (BIS) and CESG), which suggests a ten-step approach to cyber security.

ISO 27001 and cyber risks

ISO/IEC 27001 is the international standard for implementing an information security management system (ISMS). ISO 27001 is heavily focused on risk-based planning, so that the identified information risks (including cyber risks) are managed appropriately for the threats the organisation faces and the nature of those threats.

ISO 27001 and Cyber Essentials

Even if you have implemented an ISO 27001-compliant information security management system (ISMS), you may want to check whether your cyber security hygiene is up to standard with the UK government’s guidelines. The government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to achieve a baseline of cyber security.

What does a cyber security risk assessment include?

A typical risk assessment involves identifying the information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data and intellectual property), followed by identifying the risks that could affect those assets. The risks are then estimated and evaluated, and the controls necessary to treat the identified risks are selected. It is important to continually monitor and review the risk environment to detect any changes in the organisation’s context, and to maintain an overview of the complete risk management process.

Cyber Health Check

This fixed-price, three-day Cyber Health Check combines consultancy and audit with testing and vulnerability assessments to assess your cyber risk exposure. Our four-step approach will identify your actual cyber risks, audit the effectiveness of your responses to those risks, analyse your real risk exposure and then create a prioritised action plan for managing those risks in line with your business objectives.

Ten Steps Risk Assessment

Our consultancy team will examine each of the ten risk areas (listed below) to identify the strengths and weaknesses of your current security posture. You will receive a consolidated, tailored and immediately usable action plan that will help you close the gap between recognised good practice and what you are actually doing. This is a bespoke service, which we can tailor to meet your timescale and budget requirements. We focus on quality and results, while offering competitive prices.

The ten risk areas that will be examined are:

  • Board-led information risk management regime
  • Secure home and mobile working
  • User education and awareness
  • User privilege management
  • Removable media controls
  • Activity monitoring
  • Secure configurations
  • Malware protection
  • Network security
  • Incident management

Cyber risk assessment software

With vsRisk™, information security risk assessments have never been faster, simpler or easier. vsRisk is packed with powerful features, giving you full control of the risk assessment process, and delivers streamlined, consistent and repeatable cyber security risk assessments. It includes a prepopulated sample risk assessment and is trusted by leading risk practitioners as a cyber security risk assessment tool.

Why use IT Governance?

IT Governance brings a wealth of experience in the cyber security and risk management domain. As part of our information security work with hundreds of private and public organisations in all industries, we have been delivering comprehensive risk assessments for more than ten years. All our consultants are qualified and experienced practitioners.

Call us on +44 (0)845 070 1750 today or email for a no-obligation quote or to arrange a risk assessment.