Secure Your Business




“The following process has helped to successfully create risk analysis: recording risks in writing, discussing them and making a choice before defining actions; this will help to create a lean system.”


Mag. Karen Daghofer, Quality / IS Manager Fabasoft

Reference: ISO 27001 in SMEs


Risk management for maintaining business continuity is a central requirement in information security. It is also what makes the standard scale so well: ISO 27001 is suitable for small enterprises just as much as for large companies in every sector, because an initial risk analysis shows each organization its own specific security needs. A detailed implementation aid is provided by the supplementary standard ISO 27005.

Its ten chapters give an introduction to professional risk management. The main topics are:

  • risk management process
  • risk assessment
  • minimizing risk
  • accepting risk
  • communicating risk
  • monitoring and continual improvement

Transparent residual risks

Is the security level of an organization, area or asset sufficient and adequate? Are there unknown vulnerabilities? Which controls for closing security gaps are possible, and which of them are economically justifiable? Periodic risk analysis within ISO 27001 furnishes the findings needed to assess the security level achieved, to draw up an adequate catalogue of controls, and to make the residual risks transparent.



Risks from the perspective of information security

  • hardware failure
    • a server failure blocks operation
  • software failure
    • a virus causes a system crash
    • hidden programming errors block processes
  • human failure
    • intentional or negligent manipulation
    • faulty handling due to ignorance
  • disasters
    • the computing centre is damaged
    • databases are destroyed
CIS - Certification & Information Security Services, T +421 55 677 0156, office.sk@cis-cert.com