RISK ANALYSIS

DPIA


It is often difficult to identify threats or risks for one's own organization from scratch. Yet the new versions of management system standards such as ISO 9001, ISO 14001 and ISO 27001 require it.

A commonly used method is the so-called MAPGOOD method. MAPGOOD stands for People, Equipment, Software, Data, Organization, Environment and Services. These are the different perspectives for looking at threats and risks.

MAIN STEPS

The risk analysis consists of 3 main steps:

  1. Mapping the components of the information provision in accordance with the MAPGOOD model.

  2. Mapping the threats that are relevant to the information system to be investigated, with the potential impact and the probability of occurrence per threat.

  3. Translating the most relevant threats into measures to be taken.

 

The risk analysis must be carried out as impartially and as neutrally as possible.

A risk analysis must be supported by an expert with experience in performing risk analyses. It is recommended that the organization appoint an internal employee to perform the risk analysis and in this way build up experience with it. This will improve the quality of subsequent risk analyses.

During the risk analysis, the emphasis is on process monitoring and quality assurance: control questions are asked to test the participants' differing assessments against one another.

SCHEDULE

MAPPING THE INFORMATION SYSTEM

Preparation
  Expert: 4 hrs
  System owner: 1 hr
Interview / session
  Expert: 4 hrs
  System owner: 4 hrs
  (possibly technical and functional management)
Elaboration
  Expert: 4 hrs

ANALYSIS OF THREATS

Preparation
  Expert: 6 hrs
Interview / session
  Expert: 4 hrs
  System owner: 4 hrs
Elaboration
  Expert: 8 hrs

DETERMINATION OF THE MEASURES - OBJECTIVES

Preparation
  Expert: 10 hrs - 12 hrs
Interview / session
  Expert: 2 hrs
  System owner: 2 hrs
Elaboration
  Expert: 14 hrs

If you want support from an expert, you should therefore count on a cost of approximately 7,500 EUR.

30% of this amount can be subsidized via the SME portfolio, provided your organization is an SME.