ARICT, ICT Risk Analysis and Management



image risk analysis

In addition to the parallel analysis of potential impacts on company's business continuity, IT risk analysis is a complex process which should be periodically activated. 

With the backing of its experts, Malabo carries out this type of intervention implementing its own approach to digital security (see the area concerning it and the following synthesis picture), starting from detection and analysis of ICT systems, of internal and external users, from summary report of past attacks and problems, contextualizing standard and best benchmarking practices within the Client's specific reality and aims. (for this reason, the first step in the mapping of the situation is represented by identifing Critical Success Factors (CSF). 

ICT risk analysis starts from the ue of service AVULlCT  regarding the ICT vulnerabilities analysis, focused on IS (Information System) technical vulnerabilitis of Client, taking into account and analyzing also its tertiary sections. AVULICT's application is preparatory, and mandatory, to risk analysis. 

 After acquiring the results obtained with AVULICT, in risk analysis: 

  • the vulnerability of organization is analyzed as far as Client's ICT and IS
  • the IS user's vulnerabilities, both final and priviliged, are analyzed, and in particular internal users within client's organizational structure
  • the vulnerabilities and risks of Client's ICT providers are analyzed, by verifying the existing contracts and their relative provisions about service levels, privacy and digital security
  • IS malfunctions and any attacks against it occurred in the past are analyzed
  • the results of the previous ICT risk analyses or regarding the whole company are analyzed, in addition to potential reports and articles that examined the dangers of industry sector to which the client belongs
  • the most feared problems and risks relating to IS are identified during the meetings with company management and with certain reference users, in addition to explanation of their reasons. 
  • the business impact analysis (BIA) can be optionally perfermed, tipically used in relation to the most serious identified risks. 

Malabo refers to and uses the following standards and the best international practices for the risk management, according to the specific Customer (non-exhaustive list): 

  • ISO 31000:2009 - Risk management -- Principles and guidelines;
  • Risk Management Standard della FERMA, Federation of European Risk Management Associations;
  • IRM Criteria , Institute of Risk Management.
  • For privacy: EU Regulation 2016/679, previous D.Lgs 196 and the various upgrades and regulations of the Italian Data Protection Authority.
  • For ICT risk analysis and management: ISO 27005, NIST SP 800-30, Octave Allegro.
  • For IS architecture and security: Togaf , OSA, NIST, Direttiva NIS.
  • For management IT security measures: ISO 27001-2, ITIL: 2013, COBIT v5.
  • For data protection (privacy), including outsourced and/or in cloud ones: ISO 27018.
  • For cloud services security:  ISO 27017, ISO 27018 and CSA Star.
  • For identification and authentication: PKI, X509, ISO, graphometry, NIST, and IDAS (SPID).

The result of risk analysis is a Report which details the identified risks in order of severity, their reasons and potential causes, the measures to be taken to eliminate e to reduce them. This Report is presented and explained to the company's top management during a meeting. 

By a consueling in relation to risk analysis (RA) and/or to BIA, Business Impact Analysis, usually carried out in the framework of an intervention for Business Continuity (BC) and/or for enhance IS digital security measures. Malabo may provide the client with periodic updating of AR, BIA and BC and/or may provide the client as Saas (in cloud) with their own IS tools for analysis and plans on these issues, tailored to the customer's specific needs (derived from the early consultation) and with a training support for direct and correct use by the Client.




This website uses cookies from both its Joomla 3.x and from third party software to improve the browsing experience of users and to collect information on the use of the site itself.