"O Real ISMS tornou fácil a medição da eficiência dos controles para a manutenção da ISO 27001."
Risk Management
Starting on risk identification
Risk Management is one of the main disciplines established in an Information Security Management System. Starting on risk identification and estimation, the organization can adapt itself to select controls that respond to the security requirements of its business environment. This management must be deployed in a systematical way, according to the business objectives and organization strategies.
Friendly Web Interface
Real ISMS is a full solution to manage your risks, controls and control objectives in a simple and organized way, granting comparable and reproducible results. Real ISMS has a friendly web interface, allowing risk management members to receive messages and access information through a risk dashboard, high level reports, statistics and analytical graphs.
- Guarantee an up-to-date risk analysis, showing the organization's actual risk picture.
- Communicate the risks to information owners, so they can register their acknowledgment about the identified risks and the implemented controls.
- Measure the efficiency of implemented controls in a timeline (to establish a trend line).
- Organize and correlate risks with internal controls.
- Integrate "security view" with "business & process view".
- Create objective evidences on the business managers' participation in the risk management process.
- Create a knowledge base regarding risk and internal controls.
- Demonstrate the impact that follows risk to justify the investments.
- Prove due diligence to risk identification and treatment.
- Grant compliance of the information security management prescribed by ISO 27001 and others rules or applicable requirements.
- Minimize the cost to implement and maintain the risk management process.
Jean Caminha, PMP