
RISK ANALYSIS
DPIA
It is often difficult to identify threats or risks for one's own organization from scratch. Yet the new versions of management system standards such as ISO 9001, ISO 14001 and ISO 27001 make this a requirement.
A commonly used method is the so-called MAPGOOD method. MAPGOOD stands for People, Equipment, Software, Data, Organization, Environment and Services. These are the different perspectives for looking at threats and risks.
The risk analysis consists of 3 main steps:
- Mapping the components of the information provision in accordance with the MAPGOOD model.
- Mapping the threats that are relevant to the information system to be investigated, with the potential impact and the probability of occurrence per threat.
- Translating the most relevant threats into measures to be taken.
The risk analysis must be completed in as unbiased and neutral a manner as possible.
The risk analysis must be supported by an expert with experience in performing risk analyses. It is recommended that the organization appoint an internal employee who performs the risk analysis and in this way builds up experience with it. This will increase the quality of subsequent risk analyses.
During the risk analysis, the emphasis is on process monitoring and quality assurance: control questions are asked to test the differing assessments among the participants of the risk analysis.
SCHEDULE
MAPPING THE INFORMATION SYSTEM
- Preparation: Expert 4 hrs; System owner 1 hr
- Interview / session: Expert 4 hrs; System owner 4 hrs (possibly also technical and functional management)
- Elaboration: Expert 4 hrs
ANALYSIS OF THREATS
- Preparation: Expert 6 hrs
- Interview / session: Expert 4 hrs; System owner 4 hrs
- Elaboration: Expert 8 hrs
DETERMINATION OF THE MEASURES - OBJECTIVES
- Preparation: Expert 10 hrs - 12 hrs
- Interview / session: Expert 2 hrs; System owner 2 hrs
- Elaboration: Expert 14 hrs
If you want support from an expert, you should therefore count on a cost of approximately 7,500 EUR.
30% of this amount can be subsidized via the SME portfolio, provided your organization is an SME.
© 2018 Lexit CVBA - Proudly created by Grinta Consultancy