The client needed to define and adopt an IT Risk Management framework in order to adequately identify and manage Cyber Security risks within business operations. That framework had to be integrated with the Enterprise Risk Management (ERM) already adopted by the company in order to provide a comprehensive overview of company business risks.
Horizon Security has developed a "custom" IT Risk Management Framework based on ISO 27005, NIST/ISACA and CIS/SANS standards and best practices.
Additionally, a specific Risk Assessment has been performed on two (2) critical business processes and a risk treatment plan has been defined.
In order to address the client needs, Horizon Security has performed the following project activities:
• Analysis of the current Risk Management framework adopted by the client, in terms of processes, methodologies and tools;
• Definition of a "custom" IT Risk Management framework based on ISO 27005, NIST/ISACA and CIS/SANS standards and best practices. In particular, the related process, methodology and tools have been developed based on the client's context and needs;
• Execution of a specific IT Risk Assessment on two (2) critical business processes, using the IT Risk Management process, methodology and tools previously defined;
• Definition of an IT Risk Treatment Plan that allows the identified risks to be adequately mitigated (or reduced), and integration of that plan within the Cyber Security Masterplan adopted by the client;
• Tuning and finalization of the IT Risk Management framework.