Risk-based IS audit and the concept of unacceptable events

Taking into account the specifics of the business
Certified specialists
Post-audit support
Minimizing information security risks

Risk-based approach in IS -
a way of ensuring IS, which
is based on risk analysis and their

The focus is on identifying and understanding potential threats and risks, as well as applying appropriate security measures to manage them. This approach requires constant monitoring and adaptation to changing conditions and threats.

During the Audit process, we compile a consolidated list of information security risks for the company and develop a risk management methodology

On the basis of which the Client gets the opportunity to decide what to do with the risk in the future: minimize, accept or transfer responsibility for the risk to a third party.

We also compile a consolidated list of unacceptable information security events for the company

And we are developing recommendations to minimize the likelihood of unacceptable information security events in the Client's business.

An unacceptable information security event is an event or action that violates information security policies, procedures, rules or norms

Examples of such events may be unauthorized access, malware phishing, fake websites, etc.

The cost of protecting an Asset should not exceed the cost of potential damage that may be caused by its loss or compromise

The principle that Auditors adhere to ITGLOBAL.COM Security during the provision of the service

Фон для itg

Why identify risks and compile a list of unacceptable information security events

Saving the IB budget

It will help to allocate the information security budget correctly, eliminating violations with a high level of criticality in the first place

Distribution of responsibility between IT and information security departments

We will increase efficiency and reduce the time spent on completing tasks

Minimizing information security risks

Having information about possible risks and the degree of their criticality for business, you can prepare in advance for possible negative situations

Reducing the likelihood of IB incidents

Following the recommendations will help you increase the level of protection of confidential information in the Company
Our clients

Information security audit based on risks and the concept of unacceptable events.
Order a service

You agree to the terms of the privacy policy

In the process of rendering the service, the Auditor collects
information about the components included in the following
research areas

Network and wireless infrastructure

Infrastructure services (OS, IBS, etc.)

Application services (DBMS, ERP, etc.)

Security of confidential information

Managing access to IT infrastructure components

Security control (DLP, malware protection, etc.)

Organization of fault tolerance of information infrastructure components

Secure software development

The result of an audit of information security processes
risk-based security and concepts
An invalid event is a report that
It consists of


A general description of the Audit results without using specialized terminology, but with an assessment of the criticality of the identified violations in information security processes

Detailed Report

Description of the current state of the processes and the detection of violations. Contains detailed information on the elimination of identified violations

Areas of responsibility

This section contains information about the division of responsibilities between IT and information security specialists

What to do with the Report

Analyze the results

Carefully review the Report to analyze the identified violations, potential consequences and recommendations for their elimination. 

Develop an action plan

Create an action plan to eliminate the identified violations in the information security processes. Set deadlines and responsible persons to ensure an appropriate response to each problem.

Handle the risks

Take measures to handle risks and implement methods of protection against unacceptable information security events in accordance with the developed action plan

Train the staff

Conduct employee training to increase awareness of risks and best security practices

How the Audit is conducted


Coordination of interaction

We form teams on both sides, coordinate the work plan and deadlines for the implementation of the project

Conducting an interview

We conduct interviews with owners of business processes, employees of information security and IT departments, users of information systems

Analysis of the information received

We identify problems in information security, develop a consolidated list of risks and unacceptable information security events

Development of a Report with recommendations

We describe the current state of information security in the Company, develop a list of measures to prevent the occurrence of unacceptable information security events

IB risk assessment

We form a list of assets with an assessment of their criticality for the Company, draw up a heat map and develop a methodology for processing information security risks
Our clients

Information security audit based on risks and the concept of unacceptable events.
Order a service

You agree to the terms of the privacy policy
Our clients

Risk-based IS audit and the concept of unacceptable events.
Order a service

You agree to the terms of the privacy policy
We use cookies to optimise website functionality and improve our services. To find out more, please read our Privacy Policy.
Cookies settings
Strictly necessary cookies
Analytics cookies