Objectives
Objectives
What are the objectives of risk in deep
Offer a tool to support the main activities required in the governance of Cybersecurity Risk Management as well as compliance with information security and data protection standards and regulations.
Represent the business scenarios through the different corporate entities (people, organisational functions, processes, IT tools, facilities, etc.) that contribute to making possible the services around which the Corporate Mission is focused and that constitute the elements on which to define the security protection objectives (Entity Model).
Identify the threats that contribute to compromising the security of the company's information assets and allow the Management to deal with them through an overall vision in order to correctly balance investments with the conscious choice of security risks that one is willing to accept (Risk Assessment).
Enable an integrated approach to support and guide the Risk Manager or Compliance Manager in fulfilling the requirements of the regulations and be able to govern the actions necessary to fulfil and optimise the common steps required by these regulations (Risk Management).
Allow periodic verification actions on the accountability of the security interventions established for the containment of security risks (Audit).
How risk in deep achieves its objectives
Through:
The representation of the various corporate entities (people, organisational functions, processes, IT tools, SCADA systems, facilities, etc.) that contribute to making possible the services around which the Corporate Mission is focused and that constitute the elements on which to define the security protection objectives (Entity Model).
The possibility of identifying the threats that contribute to compromising the security of the company's information assets, enabling the Management to deal with them through an overall vision, correctly balancing investments through the conscious choice of the security risks that one is willing to accept (Risk Assessment).
The support to the Risk Manager or the Compliance Manager, using an integrated approach, to the fulfilment of the obligations required by the regulations, managing to govern the necessary interventions and to optimise the common steps required by these regulations (Risk Management).
The periodic verification of the accountability of the security interventions established for the containment of security risks (Audit).