Information technology has become one of the key success factors in achieving corporate objectives. To this day, finding an adequate balance between investment and residual risk remains a tough and highly complex challenge: risk, transparency and true costs have to be made clear and comprehensible.
IT risk management is therefore required to answer the following questions in a clear and understandable manner:
- What threats to the company may arise from the use of IT?
- How much IT does the company really need?
- How secure is the company’s IT?
CRISAM® serves to derive comprehensible IT requirements from the corporate strategy, the organisational structure and the business processes. The security specifications determined from these IT requirements are compared with the risk of operating the IT systems. Deviations from these IT specifications are identified as potential threats arising from the use of IT. The required control process, which identifies deviations from the predetermined target value, is implemented in the company as a continuous risk management process.
CRISAM® evaluates your entire IT, e.g. software and applications on the server as well as the power supply, according to the current technical standard. This standard is documented in numerous sources and confirmed by appointed experts. Evaluations which do not meet the current technical standard can pose a liability threat to management as well as to appointed persons; inadequate evaluations may be rated as negligence. CRISAM® obtains information on the current technical standard from the German BSI IT Baseline Protection Manual, the ISO 27000 series of standards, ITIL, COBIT and other sources.
With its prefabricated and customizable reports, CRISAM® Risk Valuation presents all the recorded data as well as the results and analyses in a transparent manner for the different recipient groups.